Pedagogical Lambda-Cube: the Λ2 Case Vincent Demange

Pedagogical lambda-cube: the λ2 case Vincent Demange

To cite this version:

Vincent Demange. Pedagogical lambda-cube: the λ2 case. 2014. hal-00958835

HAL Id: hal-00958835 https://hal.archives-ouvertes.fr/hal-00958835 Preprint submitted on 14 Mar 2014

HAL is a multi-disciplinary open access L’archive ouverte pluridisciplinaire HAL, est archive for the deposit and dissemination of sci- destinée au dépôt et à la diffusion de documents entific research documents, whether they are pub- scientifiques de niveau recherche, publiés ou non, lished or not. The documents may come from émanant des établissements d’enseignement et de teaching and research institutions in France or recherche français ou étrangers, des laboratoires abroad, or from public or private research centers. publics ou privés. Pedagogical lambda-cube: the λ2 case

Vincent Demange Loria, University of Lorraine, Nancy, France [email protected]

Abstract. In pedagogical formal systems one needs to systematically give examples of hypotheses made. This main characteristic is not the only one needed, and a formal definition of pedagogical sub-systems of the Calculus of Constructions (CC) has already been stated. Here we give such a pedagogical sub-system of CC corresponding to the second-order pedagogical λ-calculus of Colson and Michel. It thus illustrates the appropriateness of the formal deﬁnition, and opens the study to stronger systems of the λ-cube, for which CC is the most expressive representative. In addition we study the type-checking problem for the formalisms of those pedagogical calculi of second-order.

Keywords: typed lambda-calculus, calculus of constructions, pedagogical formal systems, mathematical logic, negationless mathematics, constructive mathematics.

1 Introduction

The Poincarécriterion The main feature of pedagogical formal systems is to always require the user to give examples of used hypotheses. This need for systematic exemplification has lead to the terminology of pedagogical formal systems, because it is the formal counterpart of the usual informal teaching practice consisting of giving examples of newly introduced notions. The necessity of such a constraint was already observed by Poincaré[34] in the case of definitions by postulates: “A definition by postulate has value only when the existence of the object defined has been proved [...] by means of examples [...].”. Since every set of hypotheses made on some objects (e.g. propositions or λ-terms) can be seen as a set of definitions by postulates, in the following when for a formal system every set of used hypotheses can be exemplified we will say it meets the Poincarécriterion.

Formal pedagogy More formally, for instance in propositional natural deduction systems —studied by Colson and Michel up to the propositional second-order calculus in [4, 5]— whenever one wants to use the set of formulas ∆ as hypotheses she must give a substitution σ (the examples) from propositional variables to formulas such that ⊢σ(A) for each A ∈ ∆. Through the propositions-as-types correspondence [21] this requirement extends to type systems —second-order λ-calculus studied by Colson and Michel in [6]: a typing environment x1 : A1,...,xn : An can be exempliﬁed if there are terms ti and a substitution σ from type variables to types such that ⊢ti : σ(Ai).

1 From a logical point of view and in an intuitionist framework, this pedagogical constraint does not allow the use of negation and reasoning by contradiction: it is no more possible to assume a formula A that will reveal to be a contradiction since no instance of this formula can be proved. It then agrees with the negationless mathematics advocated by Griss as a reﬁnement of intuitionism [16, 17, 18, 19]. From a computational point of view, it means that for every type at least one of its instances has to be inhabited by a term. This last property leads to the notion of usefulness of λ-terms in pedagogical type systems: every function f of type A → B can be applied to a term u of type A when A is closed.

Overview of the article In this article, we will focus on the extension of these results to the type systems of the Barendregt’s λ-cube [1]. Indeed those systems have logical and computational meaning, and the most powerful is the Calculus of Constructions (CC) of Coquand [7] for which a formal study of pedagogy has already been investigated by Colson and Demange in [3]. First the formalism of CC being more explicit, the Poincarécriterion become: if an environment x1 : A1,...,xn : An 1 is well-formed then there are terms ti such that ⊢ti : Ai[x1,...,xi−1 ← t1,...,ti−1 ] where [·←· ] is the usual substitution from variables to terms. The conclusion of the investigation was a complete formal definition of a pedagogical subsystem of CC (see def. 10): the formal system has to (i) be a subsystem of CC; (ii) verify subject reduction; (iii) meet the Poincarécriterion; (iv) and meet the converse of the Poincarécriterion. The converse of the Poincarécriterion is needed to ensure expressiveness: in [3] a system CCr satisfying (i), (ii) and (iii) but not (iv) has been exhibited with a good computational power but strong logical limitations. Also in [5] 2 a weakly pedagogical second-order calculus Ps-Prop has been stated for which a type system can be obtained satisfying (i), (iii) and (iv) but not (ii). At the end of the study about pedagogical CC, it was suggested that it is possible to build a pedagogical subsystem of CC in the precise sense of the previous definition, corresponding to the pedagogical second-order λ-calculus P-Prop2 of [6]. This construction is the main subject of this present paper, the difficulties were mainly due to a difference in formalism, the one of P-Prop2—and of Girard’s System F [13]— being more liberal than the one of CC, and the need to stick to the definition. Especially the (i) of the previous definition does not allow the addition of constant symbols (initial examples) to the calculus, which was the case in P-Prop2.

Outline of the article In section 2 we recall the usual notations, definitions and well-known results about the calculus of constructions (CC) and its subsystem of second order λ2. In sections 3, 4, 5 we define and study pedagogical subsystems of CC of second order: first with explicit and total examples (also called motivations) 2 2 2 λe, then with total motivations λt and finally with partial motivations λp. Each is obtained from the previous by relaxing some constraints, the last one fully satisfying the definition of pedagogical subsystem of CC. Then in section 6 we link those systems with the previously stated pedagogical second order λ-calculus P-Prop2 of [6]. We end in section 7 by showing the undecidabilty of type checking for all those type systems. Finally we conclude in section 8 by suggesting a formalism to recover type checking

1The well-formedness of environments Γ are formal judgements in CC written Γ wf.

2 in pedagogical formal systems, and open the study toward more expressive systems of the λ-cube based on the current work.

Related works Obviously the works on pedagogical formal systems previously mentioned are relevant: the minimal propositional calculus over →, ∧ and ∨ has been studied in [4]; the second order propositional calculus in [5]; the second-order λ-calculus in [6]; and an investigation on the whole Calculus of Constructions in [3]. A great overview of those works can be found in the introduction of [3], to which we can add the following unmentioned and unpublished 2 result of Michel in [28]: every λ-term of the second-order λ-calculus admit a continuation passing style translation that can be typed in the pedagogical second-order λ-calculus, ensuring the preservation of programs. Also in an intuitionistic framework, which is the case here, pedagogical mathematics are linked with the negationless mathematics philosophy. The idea of negationless mathematics appeared in the middle of the last century when Griss expressed it as a step further of the intuitionistic philosophy of Brouwer. Indeed, in intuitionistic mathematics, a proof of a negative statement ¬A impose to assume A in order to obtain a contradiction. But assuming A is no intuitive method for Griss since it will reveal to be an impossible construction. First works of Griss [16, 17, 18, 19] constitute an informal outline of a geometry, an arithmetic, a set theory and an analysis without negation. Heyting [20] and Franchella [10] summarize differences of viewpoint about intuitionism of Brouwer and that of Griss. Some formal developments of the Griss desiderata has been proposed, from which we can cite those of Vredenduin [38], Gilmore [12], Valpola [37], Nelson [32, 31], Minichiello [29], López-Escobar [24, 25], Mezhlumbekova [27] and more recently of Krivtsov [22, 23], dealing with negationless predicate logic and arithmetic in natural deduction systems or in sequent calculus. One of the main ideas is the introduction of a quantified implication A(~x) →~x B(~x) which is interpreted in intuitionistic logic by ∀~xA(~x) → B(~x) ∧∃~xA(~x). Mints [30] provides a good overview of those works.

2 Background and Notations

In this section, we briefly recall usual notations, definitions and results about the Calculus of Constructions (CC) and its subsystem of second-order λ2. At the end we recall the formal definition of pedagogical sub-system of the Calculus of Constructions resulting of the study in [3].

2.1 Deﬁnitions and notations We try to use x,y,... as symbols for variables, u,v,w,t,... to denote terms, A, B, . . . for types or formulas, Γ, Γ′,... for environments. The set of raw terms of CC is deﬁned by induction: the variables x, and constants Prop and Type are raw terms; λxA.u, ∀xA.B and u v are raw terms if x is a variable

2Actually a stronger but non-constructive result concerning the preservation of programs that can be typed in the λµ-calculus of Parigot [33] is present in [6].

3 and u, v, A, B are raw terms. S(u) is the set of sub-terms of u, containing u. For brevity, in the following terms will refer to raw terms. ≡ is the syntactical equality of terms modulo renaming of bound variables 3. We ∗ note by β the usual beta-reduction relation between terms; β its reﬂexive and

transitive closure; and =β its equivalence closure. A term u is in normal form if it is

not reducible, i.e. there is no term t such that u β t. If all possible reductions from a term u lead to a normal form, then the term u is said to be strongly normalizing. V(t) is the set of free variables of t. If V(t)= ∅ then t is said to be closed. The usual capture avoiding substitution of u for x in t is noted t[x ← u ]; and t[x1,...,xn ← u1,...,un ] is the simultaneous substitution of u1 for x1, u2 for x2, etc. in t. When dealing with substitutions as mathematical objects, we will use list symbolism: [] is the empty substitution, and if σ is a substitution then σ::(x 7→ a) is a new substitution mapping all variables y 6= x to σ(y) and x to a. The application of a substitution is extended from variables to terms in the usual way: if σ ≡ (x1 7→ u1):: ... ::(xn 7→ un) then σ(t)= t[x1,...,xn ← u1,...,un ]. To shorten notations, we might use a vector symbolism: ~t denotes a sequence of A~ A1 An terms t1,...,tn; and ∀~x .B denotes ∀x1 ... ∀xn .B. As usual, A → B is short for ∀xA.B when x does not appear in V(B). An environment is a ﬁnite list of associations variable-term. The empty environ- ′ ment is noted [ ] or omitted, otherwise it is of the form x1 : A1,...,xn : An, or Γ, Γ where Γ and Γ′ are environments. The domain of an environment is the ﬁnite set of its variables: dom(x1 : A1,...,xn : An)= {x1,...,xn}. Substitutions can be applied to environments: (x1 : A1,...,xn : An)[y ← u ] ≡ x1 : A1[y ← u ],...,xn : An[y ← u ]. ′ Γ ≡ x1 : A1,...,xi : Ai is an initial segment of Γ ≡ x1 : A1,...,xn : An when i ≤ n, abbreviated by Γ′ 4 Γ. Similarly for substitutions σ′ 4 σ. We will also write Γ≤i or Γ

3As in [9], we assume De Bruijn indexes for bound variables and identiﬁers for free variables. So there is no need for α-conversion notion which is implicit.

4 c Γ ⊢A : κ x 6∈ dom(Γ) (c-env1) wf c (c-env2) [] Γ,x : A wf c

Γ wf c Γ,x : A, Γ′ wf c (c-ax) (c-var) Γ ⊢c Prop : Type Γ,x : A, Γ′ ⊢c x : A

c c Γ,x : A ⊢c u : B : κ Γ ⊢u : ∀xA.B Γ ⊢v : A (c-abs) c (c-app) Γ ⊢c λxA.u : ∀xA.B Γ ⊢u v : B[x ← v ]

c c c ′ ′ Γ,x : A ⊢B : κ Γ ⊢t : A Γ ⊢A : κ A =β A (c-prod) (c-conv) Γ ⊢c ∀xA.B : κ Γ ⊢c t : A′

where κ stands for Prop or for Type.

Figure 1: Inference rules of CC.

2 Γ ⊢A : κ x 6∈ dom(Γ) 2 (env1) [] wf 2 (env2) Γ,x : A wf

Γ wf 2 Γ,x : A, Γ′ wf 2 (ax) (var) Γ ⊢2 Prop : Type Γ,x : A, Γ′ ⊢2 x : A

2 2 Γ,x : A ⊢2 u : B : Prop Γ ⊢u : ∀xA.B Γ ⊢v : A (abs) 2 (app) Γ ⊢2 λxA.u : ∀xA.B Γ ⊢u v : B[x ← v ]

Γ,x : A ⊢2 B : Prop (prod) Γ ⊢2 ∀xA.B : Prop

Figure 2: Inference rules of λ2.

5 2.2 Properties of CC In the sequel we shall need the following well-known results about CC and λ2 (omitted proofs can be found in [1]). Starred relations refer to both CC and λ2, meaning that the property holds in both systems.

Property 1 (free variables) ⋆ ⋆ (i) If x1 : A1,...,xn : An wf or x1 : A1,...,xn : An ⊢ w : C then for all i, V(Ai+1) ⊆ {x1,...,xi} and xi 6≡ xj for all i 6= j; ⋆ (ii) If x1 : A1,...,xn : An ⊢ w : C then in addition V(w,C) ⊆ {x1,...,xn}.

Property 2 If Γ wf ⋆ or Γ ⊢⋆ w : C then Type 6∈ S(Γ) and Type 6∈ S(w).

Property 3 (environments validity) (i) if Γ wf ⋆, then for all environments Γ′ 4 Γ, Γ′ wf ⋆ is a sub-derivation; (ii) if Γ ⊢⋆ w : C, then for all environments Γ′ 4 Γ, Γ′ wf ⋆ is a strict sub-derivation.

⋆ Property 4 (environment types validity) If x1 : A1,...,xn : An wf , then for ⋆ all i there is κ such that x1 : A1,...,xi : Ai ⊢ Ai+1 : κ is a strict sub-derivation.

Property 5 (type uniqueness) If Γ ⊢2 w : C and Γ ⊢2 w : C′ then C ≡ C′.

Property 6 (type correctness) If Γ ⊢⋆ w : C then C ≡ Type or Γ ⊢⋆ C : κ.

Property 7 (i) If Γ ⊢2 C : Type then C ≡ Prop and the last used rule is (ax); (ii) If Γ ⊢2 C : Prop then the last used rule is (var) or (prod).

Proof by case analysis on the last used rule. (i) (var) Impossible case because Type can not be in the environment (prop. 2).

(app) There are two cases: • B ≡ x and v ≡ Type: which is impossible (prop. 2); • B ≡ Type: hence Γ ⊢2 ∀xA. Type : κ (prop. 6), which is impossible (prop. 2). 2 (ii) (app) We have Γ ⊢∀xA.B : κ (prop. 6) which has to be obtained by the (prod) rule, hence Γ,x : A ⊢2 B : Prop. From B[x ← v ] ≡ Prop we have two cases: • B ≡ x and v ≡ Prop: the second premise is then Γ ⊢2 Prop : A obtained by the (ax) rule, hence A ≡ Type which is impossible (prop. 2); • B ≡ Prop: then Γ,x : A ⊢2 Prop : Prop which is impossible.

Property 8 If Γ ⊢2 C : Prop then for all x ∈V(C), (x : Prop) ∈ Γ.

Proof by structural induction on the derivation: we only need to consider the rules (var) and (prod) (prop. 7).

6 2 2 2 Property 9 If Γ ⊢w : C or Γ ⊢C : κ or Γ wf where Γ ≡ x1 : A1,...,xn : An then C and the Ai are in normal form.

Proof The proof can be split in two simple steps: 2 2 • if Γ wf or Γ ⊢C : κ with Γ ≡ x1 : A1,...,xn : An then λ does not appear in C nor in any Ai, proved by structural induction on the derivation; • every reducible raw term u contains the symbol λ, proved by induction on the ′ usual inductive deﬁnition of u β u .

Definition 10 (pedagogical subsystem of CC) CC⋆ is a pedagogical subsystem of CC if: (i) CC⋆ is a subsystem of CC: Γ wf ⋆ implies Γ wf c, and Γ ⊢⋆ t : C implies Γ ⊢c t : C. ⋆ ⋆ ′ ⋆ ′ (ii) CC satisfies subject reduction: if Γ ⊢ t : C and t β t then Γ ⊢ t : C. ⋆ ⋆ (iii) CC meets the Poincarécriterion and its converse: x1 : A1,...,xn : An wf if c and only if x1 : A1,...,xn : An wf and there are terms t1,...,tn such that

⋆ ⋆ ⋆ ⊢ t1 : A1 ⊢ t2 : A2[x1 ← t1 ] ... ⊢ tn : An[x1,...,xn−1 ← t1,...,tn−1 ]

3 Total and explicit motivations

Usually the current state of a proof is indicated by a sequent Γ ⊢t : A meaning that “t is a proof of A under the assumptions Γ”. In the pedagogical practice we also need examples of the hypotheses of Γ which we can make explicit using enhanced sequents of the form Γ ⊢σ t : A meaning “t is a proof of A under the assumptions Γ exemplified by σ” where σ is a substitution from the variables of Γ to terms. In the same way we switch from judgements Γ wf to Γ wf σ . Each assumption/variable of Γ has to be 2 examplified by σ, hence the total and explicit motivations system λe of fig. 3. Making the examples/motivations explicit have at least two benefits. First it allows to better reflect the practice of pedagogical mathematics by using a global example during a proof. Second it simplifies and specifies the statements about the formalism: we can act on the motivations and then appreciate the constraints they impose or they are subject to.

3.1 System deﬁnition

2 We extend the raw terms with the two constants o and ⊤. Inference rules of λe are 2 2 presented on fig. 3. The (prod) rule of λ is constrained as (e-prod) in λe in order to avoid empty types as soon as possible (e.g. ∀AProp.A). Indeed those empty types can not be examplified, and allowing to manipulate them could break the subject reduction property (see [5]) or the Poincarécriterion if we introduce them into environments. The added constraint then requires that the formed type to be compatible with the current motivation σ, namely that the instance σ(∀xA.B) be inhabited. Also the additional (second) premise of the rule (e-env2) should not be considered as a constraint: the term a is already contained in the derivation of the first premise

7 2 2 e A κ e a σ A x 6∈ dom(Γ) (e-env1) Γ ⊢σ : ⊢[] : ( ) wf 2e (e-env2) [] [] wf 2e Γ,x : A σ::(x 7→ a)

2e ′ 2e Γ wf σ Γ,x : A, Γ wf σ (e-ax) (e-var) 2e ′ 2e Γ ⊢σ o : ⊤ : Prop : Type Γ,x : A, Γ ⊢σ x : A

2e 2e A 2e Γ,x : A ⊢σ::(x 7→ a) u : B : Prop Γ ⊢σ u : ∀x .B Γ ⊢σ v : A (e-abs) (e-app) 2e A A 2e Γ ⊢σ λx .u : ∀x .B Γ ⊢σ u v : B[x ← v ]

2e 2e A Γ,x : A ⊢σ::(x 7→ a) B : Prop ⊢[] t : σ(∀x .B) (e-prod) 2e A Γ ⊢σ ∀x .B : Prop

2 Figure 3: Inference rules of λe.

2e (see lem. 17). This last fact is important for explicit motivations systems: if Γ ⊢σ A : κ does not permit us to build an example a of σ(A) then it means the motivabilty, and consequently the usability, of the type A has not been tested soon enough. Remark 11 Substitutions and environments related by wf 2e or ⊢2e match: they have the same size, and to each variable of the environment correspond a raw term at the same position in the substitution (see lem. 13). The constants o and ⊤, the initial examples, are mandatory to begin derivations: wf 2e 2e otherwise one would only be allowed to derive [ ] [] and ⊢[] Prop : Type.

2 In this section we show that λe almost satisﬁes the required properties of a peda- 2 gogical subsystem of CC: indeed in λe judgements and raw-terms are modiﬁed with respect to those of λ2 and then CC.

3.2 Preliminary results

2 The properties 1, 2, 3, 4, 5, 6, 8, 9 are still valid for λe, modulo the addition of the corresponding explicit motivations.

2 2 Theorem 12 (λe is a subsystem of λ ) 2e 2 (i) if Γ wf σ , then Γ wf ; 2e 2 (ii) if Γ ⊢σ w : C, then Γ ⊢w : C. Proof immediate by structural induction on the derivation: it is enough to “forget” 2 2 explicit motivations and to interpret in λ the constants o and ⊤ of λe by, respectively, λAProp.λxA.x and ∀AProp.A → A.

8 wf 2e 2e Lemma 13 If x1 : A1,...,xn : An σ or x1 : A1,...,xn : An ⊢σ w : C where σ ≡ (y1 7→ t1):: ... ::(ym 7→ tm) then m = n, and for all i xi ≡ yi and ti is closed.

2e Lemma 14 (generation) If Γ ⊢σ t : T then one of these cases holds: (i) if t ≡ o, then T ≡⊤; (ii) if t ≡⊤, then T ≡ Prop; (iii) if t ≡ Prop, then T ≡ Type; (iv) if t ≡ x, then there is (x : A) ∈ Γ with T ≡ A;

A 2e (v) if t ≡ λx .u, then there are B and a such that Γ,x : A ⊢σ::(x 7→ a) u : B : Prop is a strict sub-derivation with T ≡∀xA.B; (vi) if t ≡ u v, then there are A and B such that Γ ⊢2 u : ∀xA.B and Γ ⊢2 v : A are strict sub-derivations with T ≡ B[x ← v ];

A 2e (vii) if t ≡ ∀x .B, then there are a and t such that Γ,x : A ⊢σ::(x 7→ a) B : Prop and 2e A ⊢[] t : σ(∀x .B) are strict sub-derivations with T ≡ Prop.

Lemma 15

2e (i) If Γ ⊢σ C : Type then C ≡ Prop and the last derivation rule is (e-ax); 2e (ii) If Γ ⊢σ C : Prop then the last derivation rule is (e-ax) or (e-var) or (e-prod).

Proof by case analysis on the last used rule, similar to the proof for λ2 (prop. 7): 2 2 to show that a derivation is impossible for λe, it is enough to notice that λe is a subsystem of λ2 (thm. 12) and that the corresponding derivation is already impossible in λ2.

3.3 Results concerning pedagogy

2 Theorem 16 (λe meets the Poincar´ecriterion) wf 2e 2e If x1 : A1,...,xn : An σ , then for all i ⊢[] σ(xi): σ(Ai) are strict sub-derivations.

2e Proof by structural induction on the derivation of x1 : A1,...,xn : An wf σ :

2e 2e Γ ⊢σ A : κ ⊢[] a : σ(A) x 6∈ dom(Γ) (e-env2) wf 2e Γ,x : A σ::(x 7→ a)

2e wf 2e From Γ ⊢σ A : κ we know that Γ σ is a strict sub-derivation (prop. 3), hence by 2e induction hypothesis, with Γ := y1 : B1,...,yn : Bn, we have ⊢[] σ(yi) : σ(Bi) are 2e strict sub-derivations of Γ ⊢σ A : κ. The second premise allows us to conclude for x.

2e 2e Lemma 17 If Γ ⊢σ C : κ, then there is a term t such that ⊢[] t : σ(C).

Proof by structural induction on the derivation. The only rules to consider are (e-ax), (e-prod) and (e-var) (lem. 15), and only the (e-var) case is non-trivial:

9 ′ 2e Γ,x : Prop, Γ wf σ (e-var) ′ 2e Γ,x : Prop, Γ ⊢σ x : Prop

2e By the Poincar´ecriterion (thm. 16) applied to the premise, ⊢[] σ(x) : Prop is a strict 2e sub-derivation. Hence by induction hypothesis there is a term t such that ⊢[] t : σ(x).

2e ′ wf 2e ′ ′ ′ 2e Lemma 18 (weakening) If Γ ⊢σ w : C,Γ σ′ ,Γ ⊆ Γ and σ ⊆ σ , then Γ ⊢σ′ w : C.

Proof by structural induction on the derivation:

,x A 2e u B Γ : ⊢σ::(x 7→ a) : : Prop ′ 2e ′ ′ (e-abs) Let Γ wf σ′ with Γ ⊆ Γ and σ ⊆ σ . 2e A A Γ ⊢σ λx .u : ∀x .B

2e From one premise we have that Γ ⊢σ A : κ is a sub-derivation (prop. 3, 4), on which we ′ 2e 2e can apply induction hypothesis to get Γ ⊢σ′ A : κ and since also ⊢[] a : σ(A) (thm. 16) 2e ′ ′ wf 2e hence ⊢[] a : σ (A) then ﬁnally by the rule (e-env2) we have Γ ,x : A σ′::(x 7→ a) . The ′ 2e induction hypothesis applied on the premises gives Γ ,x : A ⊢σ′::(x 7→ a) u : B : Prop and the (e-abs) rule ﬁnishes the proof.

(e-prod) Just as for the (e-abs) rule to be able to apply induction hypothesis.

2e Lemma 19 If ⊢[] w : C : κ and z 6∈ dom(Γ) then: wf 2e wf 2e (i) if Γ[z ← w ] σ then z : C, Γ (z 7→ w)::σ ;

2e ′ 2e ′ (ii) if Γ[z ← w ] ⊢σ D[z ← w ]: κ then z : C, Γ ⊢(z 7→ w)::σ D : κ .

Proof by structural induction on the derivation: (i)

2e wf 2e (e-env1) From ⊢[] w : C : κ by (e-env2) we have z : C [(z 7→ w)] .

2e ′′ 2e Γ[z ← w ] ⊢σ A[z ← w ]: κ ⊢[] a : σ(A[z ← w ]) x 6∈ dom(Γ[z ← w ]) (e-env2) wf 2e Γ[z ← w ],x : A[z ← w ] σ::(x 7→ a)

2e ′′ By induction hypothesis z : C, Γ ⊢(z 7→ w)::σ A : κ and also the second premise can 2e be rewritten as ⊢[] a : (z 7→ w)::σ(A) since w is closed and z 6∈ dom(σ) (lem. 13), then by (e-env2) we get the result. (ii) The case where D ≡ z can be processed in the following way:

2e ′ wf 2e From Γ[z ← w ] ⊢σ D[z ← w ] : κ it follows that Γ[z ← w ] σ is a strict wf 2e sub-derivation (prop. 3), then by induction hypothesis z : C, Γ (z 7→ w)::σ 2e ′ and using the (e-var) rule z : C, Γ ⊢(z 7→ w)::σ z : C. Also C ≡ κ by type uniqueness (prop.5) since: • 2e ′ we have Γ[z ← w ] ⊢σ w : κ by hypothesis;

10 • 2e 2e from ⊢[] w : C we get Γ[z ← w ] ⊢σ w : C by weakening (lem. 18). Let us now deal with the cases where D 6≡ z, we only need to consider the rules (e-ax), (e-var) and (e-prod) (lem. 15):

2e Γ[z ← w ] wf σ (e-ax) with D[z ← w ] ≡⊤ and D 6≡ z, hence D ≡⊤. 2e Γ[z ← w ] ⊢σ ⊤ : Prop wf 2e By induction hypothesis z : C, Γ (z 7→ w)::σ and then using the (e-ax) rule we have 2e 2e z : C, Γ ⊢(z 7→ w)::σ ⊤ : Prop. We do the same for Γ[z ← w ] ⊢σ Prop : Type.

′ ′ wf 2e Γ[z ← w ],x : κ , Γ [z ← w ] σ::(x 7→ t)::σ′ (e-var) with D[z ← w ] ≡ x and D 6≡ ′ ′ 2e ′ Γ[z ← w ],x : κ , Γ [z ← w ] ⊢σ::(x 7→ t)::σ′ x : κ z, hence D ≡ x. ′ ′ wf 2e The induction hypothesis gives z : C, Γ,x : κ , Γ (z 7→ w)::σ::(x 7→ t)::σ′ then the (e-var) rule ﬁnishes the proof.

2e 2e A Γ[z ← w ],x:A[z ← w ] ⊢σ::a B[z ← w ]:Prop ⊢[] t:σ((∀x .B)[z ← w ]) (e-prod) 2e A[z←w ] Γ[z ← w ] ⊢σ ∀x .B[z ← w ] : Prop

2e By induction hypothesis z : C, Γ,x : A ⊢(z 7→ w)::σ::(x 7→ a) B : Prop, moreover the 2e A second premise can be rewritten to ⊢[] t : (z 7→ w)::σ(∀x .B) hence the result by (e-prod).

2 Theorem 20 (λe meets the converse of the Poincar´ecriterion) If 2e 2e ⊢[] t1 : A1 : κ1 ... ⊢[] tn : An[x1,...,xn−1 ← t1,...,tn−1 ]: κn

(with the xi pairwise distinct), then

wf 2e x1 : A1,x2 : A2,...,xn : An (x1 7→ t1)::(x2 7→ t2):: ... ::(xn 7→ tn)

Proof by induction on n: 2e By hypothesis ⊢[] An[x1,...,xn−1 ← t1,...,tn−1 ] : κn which can be rewritten 2e to ⊢[] An[x1,...,xn−2 ← t1,...,tn−2 ][xn−1 ← tn−1 ] : κn since the xi are pairwise distinct and the ti are closed (lem. 13). We can then generalize over xn−1 (lem. 19) 2e since we have ⊢[] tn−1 : An−1[x1,...,xn−2 ← t1,...,tn−2 ] : κn−1 in order to obtain 2e xn−1 :An−1[x1,..,xn−2 ← t1,..,tn−2 ] ⊢(xn−1 7→ tn−1) An[x1,..,xn−2 ← t1,..,tn−2 ]:κn. Proceeding the same, we generalize over the variables from xn−2 to x1 to ﬁnally 2e obtain x1 : A1,...,xn−1 : An−1 ⊢(x1 7→ t1):: ... ::(xn−1 7→ tn−1) An : κn. Now since also 2e ⊢[] tn : An[x1,...,xn−1 ← t1,...,tn−1 ] then by (e-env2) we ﬁnally get the result.

Lemma 21 wf 2e wf 2e (i) If z : C, Γ (z 7→ c)::σ then Γ[z ← c ] σ ;

11 2e 2e (ii) If z : C, Γ ⊢(z 7→ c)::σ w : D then Γ[z ← c ] ⊢σ w[z ← c ]: D[z ← c ].

Proof by structural induction on the derivation:

wf 2e z : C, Γ (z 7→ c)::σ (e-var) is the only non-trivial case. 2e z : C, Γ ⊢(z 7→ c)::σ z : C

wf 2e 2e By induction hypothesis, we have Γ[z ← c ] σ . And ⊢[] c : C by the Poincar´e 2e criterion (thm. 16), hence by weakening (lem. 18) we ﬁnally obtain Γ[z ← c ] ⊢σ c : C.

2e A 2e z : C, Γ ⊢(z 7→ c)::σ u : ∀x .B z : C, Γ ⊢(z 7→ c)::σ v : A (e-app) 2e z : C, Γ ⊢(z 7→ c)::σ u v : B[x ← v ]

2e A[z←c ] By induction hypothesis, both Γ[z ← c ] ⊢σ u[z ← c ] : ∀x .B[z ← c ] and 2e Γ[z ← c ] ⊢σ v[z ← c ]: A[z ← c ]. Hence applying the (e-app) rule on those we have 2e Γ[z ← c ] ⊢σ u[z ← c ] v[z ← c ] : B[z ← c ][x ← v[z ← c ]], but since c is closed (lem. 13) then B[z ← c ][x ← v[z ← c ]] ≡ B[x ← v ][z ← c ].

2e 2e A z : C, Γ,x : A ⊢(z 7→ c)::σ::(x 7→ a) B : Prop ⊢[] t :(z 7→ c)::σ(∀x .B) (e-prod) 2e A z : C, Γ ⊢(z 7→ c)::σ ∀x .B : Prop

2e By induction hypothesis Γ[z ← c ],x : A[z ← c ] ⊢σ::(x 7→ a) B[z ← c ] : Prop. And (z 7→ c)::σ(∀xA.B) ≡ σ((∀xA.B)[z ← c ]) since c is closed and z 6∈ dom(σ) (lem. 13). 2e A[z←c ] Therefore ⊢[] t : σ(∀x .B[z ← c ]) and the (e-prod) rule allows us to conclude.

2e 2e Lemma 22 If Γ ⊢σ w : C then ⊢[] σ(w): σ(C).

Proof by induction on the size of the environment: Let Γ := x1 : A1,...,xn : An and σ := (x1 7→ t1):: ... ::(xn 7→ tn). We have 2e ⊢[] w[x1 ← t1 ] ... [xn ← tn ] : C[x1 ← t1 ] ... [xn ← tn ] after n substitutions of the motivations (lem. 21). And since the ti are closed and the xi are pairwise distinct (lem. 13) then w[x1 ← t1 ] ... [xn ← tn ] ≡ w[x1,...,xn ← t1,...,tn ] ≡ σ(w) and C[x1 ← t1 ] ... [xn ← tn ] ≡ C[x1,...,xn ← t1,...,tn ] ≡ σ(C).

′ 2e ′ Lemma 23 If Γ,z : C, Γ ⊢σ w : D and z 6∈ V(Γ ,w), then z 6∈ V(D).

Proof immediate by structural induction on the derivation.

Lemma 24 (strengthening) ′ wf 2e ′ ′ wf 2e (i) If Γ,z : C, Γ σ::(z 7→ c)::σ′ and z 6∈ V(Γ ), then Γ, Γ σ::σ′ ;

′ 2e ′ ′ 2e (ii) If Γ,z : C, Γ ⊢σ::(z 7→ c)::σ′ w : D and z 6∈ V(Γ ,w), then Γ, Γ ⊢σ::σ′ w : D.

Proof by structural induction on the derivation, similar to [26, lem. 3.2.9]. The only non-immediate case is the following one:

12 ′ 2e Γ,z : C, Γ ,x : A ⊢σ::(z 7→ c)::σ′::(x 7→ a) u : B : Prop (e-abs) with z 6∈ V(Γ′,λxA.u). ′ 2e A A Γ,z : C, Γ ⊢σ::(z 7→ c)::σ′ λx .u : ∀x .B We have z 6∈ V(Γ′, A, u), therefore also z 6∈ V(B) (lem. 23). We can then apply the ′ 2e induction hypothesis to get Γ, Γ ,x : A ⊢σ::σ′::(x 7→ a) u : B : Prop and by (e-abs) the result.

2e 2e A A Lemma 25 If Γ,x : A ⊢σ::(x 7→ a) u : B : Prop, then Γ ⊢σ λx .u : ∀x .B : Prop.

2e A A Proof By (e-abs) on the hypotheses we have Γ ⊢σ λx .u : ∀x .B, so we obtain 2e A A ⊢[] σ(λx .u): σ(∀x .B) (lem. 22) which allows us to apply the (e-prod) and conclude.

wf 2e 2e wf 2e Lemma 26 If Γ σ and ⊢[] c : σ(C): κ with z 6∈ dom(Γ), then Γ,z : C σ::(z 7→ c) .

Proof Let Γ ≡ x1 : A1,...,xn : An and σ ≡ (x1 7→ a1):: ... ::(xn 7→ an). By the Poincar´ecriterion (thm. 16) we have the derivations

2e 2e 2e ⊢[] a1 : A1 ⊢[] a2 : A2[x1 ← a1 ] ... ⊢[] an : An[x1,...,xn−1 ← a1,...,an−1 ]

2e and since for all i x1 : A1,...,xi−1 : Ai−1 ⊢σ

2e 2e ⊢[] a1 : A1 : κ1 ... ⊢[] an : An[x1,...,xn−1 ← a1,...,an−1 ]: κn

2e ⊢[] c : C[x1,...,xn ← a1,...,an ]: κ

Lemma 27 (replacement of equivalents)

2e If Γ ⊢σ w : E[z1,...,zn ← C1,...,Cn ] : Prop and there are terms (fi)1≤i≤n and (gi)1≤i≤n such that for all i

2e 2e Γ ⊢σ fi : Ci → Di Γ ⊢σ Ci : Prop 2e and 2e Γ ⊢σ gi : Di → Ci Γ ⊢σ Di : Prop

′ 2e ′ then there is a term w such that Γ ⊢σ w : E[z1,...,zn ← D1,...,Dn ] : Prop.

Proof by induction on the raw term E (generalize [6, lem. 14]): ′ Let us ﬁrst notice that if E ≡ zi, then w := fi w suits. Now let us deal with the cases when E is diﬀerent from all the zi. We proceed by case analysis on the last 2e used rule producing Γ ⊢σ E[z1,...,zn ← C1,...,Cn ] : Prop, which limits the analysis to three rules (lem.15): (e-ax) In this case E ≡⊤ and then w′ := w suits.

′ (e-var) In this case E ≡ y is a variable diﬀerent from the zi and then w := w suits.

13 ~ (e-prod) Let F [~z ← C ] abbreviates F [z1,...,zn ← C1,...,Cn ]:

~ ~ 2e ~ 2e A[~z←C ] ~ Γ,x : A[~z ← C ] ⊢σ::(x 7→ a) B[~z ← C ] : Prop ⊢[] t : σ(∀x .B[~z ← C ]) ~ 2e A[~z←C ] ~ Γ ⊢σ ∀x .B[~z ← C ] : Prop

2e ~ Since Γ ⊢σ A[~z ← C ]: κ (prop. 3, 4), we distinguish two cases depending on κ:

• ~ 2e κ ≡ Type: then A[~z ← C ] ≡ Prop (lem. 15). If A ≡ zi then Γ ⊢σ Ci : Type, which is not allowed by type uniqueness (prop. 5). Necessarily A 6≡ zi for all i and then A ≡ Prop. The rule can then be rewritten in the following simpler way:

2e ~ 2e Prop ~ Γ,x : Prop ⊢σ::(x 7→ a) B[~z ← C ] : Prop ⊢[] t : σ(∀x .B[~z ← C ]) 2e Prop ~ Γ ⊢σ ∀x .B[~z ← C ] : Prop

wf 2e Weakening (lem. 18) with Γ,x : Prop σ::(x 7→ a) (prop. 3) on the derivations 2e Prop ~ 2e Prop Γ ⊢σ w : ∀x .B[~z ← C ] : Prop, we get Γ,x : Prop ⊢σ::(x 7→ a) w : ∀x .B[~z ← ~ 2e ~ C ] : Prop. Then using (e-var) and (e-app): Γ,x : Prop ⊢σ::(x 7→ a) w x : B[~z ← C ]. 2e ~ Now since Γ,x : Prop ⊢σ::(x 7→ a) B[~z ← C ] : Prop then by induction hypothesis 2e ~ there is a term u such that Γ,x : Prop ⊢σ::(x 7→ a) u : B[~z ← D ] : Prop. Hence 2e Prop Prop ~ ′ Prop Γ ⊢σ λx .u : ∀x .B[~z ← D ] : Prop (lem. 25), namely w := λx .u suits. • κ ≡ Prop: then A[~z ← C~ ] 6≡ Prop (lem. 14) and x 6∈ V(B[~z ← C~ ]) (prop. 8). 2e ~ From the ﬁrst premise, we get ⊢[] a : σ(A[~z ← C ]) : Prop (thm. 16 and lem. 22) 2e ~ which can be rewritten to ⊢[] a : A[~z, ~y ← σ(C),σ(~y)] : Prop with ~y denoting the free variables of A[~z ← C~ ]. Now since we have (lem. 22):

2e 2e ⊢[] σ(fi): σ(Ci) → σ(Di) ⊢[] σ(Ci) : Prop 2e 2e ⊢[] σ(gi): σ(Di) → σ(Ci) ⊢[] σ(Di) : Prop

and also (prop. 3, 8 and lem. 22):

2e 2e σ(yi) ⊢[] σ(yi) : Prop ⊢[] λz .z : σ(yi) → σ(yi) we can then apply the induction hypothesis on A to build a term a′ such that 2e ′ ~ 2e ′ ~ ⊢[] a : A[~z, ~y ← σ(D),σ(~y) ] : Prop, namely ⊢[] a : σ(A[~z ← D ]) : Prop. And wf 2e ~ wf 2e since Γ σ (prop. 3), we then have Γ,x : A[~z ← D ] σ::(x 7→ a′) (lem. 26).

~ 2e ~ Therefore by (e-var) we have Γ,x : A[~z ← D ] ⊢σ::(x 7→ a′) x : A[~z ← D ] and also ~ 2e ~ Γ,x : A[~z ← D ] ⊢σ::(x 7→ a′) A[~z ← D ] : Prop (prop. 4, lem. 14, 15). Hence the ~ 2e induction hypothesis gives a term u such that Γ,x : A[~z ← D ] ⊢σ::(x 7→ a′) u : A[~z ← C~ ] : Prop. By weakening (lem. 18) on the hypothesis and using the (e-app) rule we get Γ,x : ~ 2e ~ A[~z ← D ] ⊢σ::(x 7→ a′) w u : B[~z ← C ] and from the ﬁrst premise Γ,x : A[~z ← ~ 2e ~ C ] ⊢σ::(x 7→ a) B[~z ← C ] : Prop, then by strengthening (lem. 24) we can remove

14 x from the environment, and by weakening (lem. 18) with x : A[~z ← D~ ] we get ~ 2e ~ Γ,x : A[~z ← D ] ⊢σ::(x 7→ a′) B[~z ← C ] : Prop. Hence by induction hypothesis we ~ 2e ~ have a term v such that Γ,x : A[~z ← D ] ⊢σ::(x 7→ a′) v : B[~z ← D ] : Prop and 2e A[~z←D~ ] ~ ~ ﬁnally Γ ⊢σ λx .v : A[~z ← D ] → B[~z ← D ] : Prop (lem. 25).

2e 2e Lemma 28 If Γ ⊢σ C : Prop, Γ ⊢σ D : Prop with C and D closed, then there are two 2e 2e terms f and g such that Γ ⊢σ f : C → D : Prop and Γ ⊢σ g : D → C : Prop.

2e Proof Since C and D are closed, then by strengthening (lem. 24) ⊢[] C : Prop and 2e 2e 2e ⊢[] D : Prop and there are terms u and v such that ⊢[] u : C : Prop and ⊢[] v : D : Prop wf 2e wf 2e (lem. 17). By (e-env2) z : C (z 7→ u) and z : D (z 7→ v) . Weakening (lem. 18) then 2e 2e gives z : C ⊢(z 7→ u) v : D : Prop and z : D ⊢(z 7→ v) u : C : Prop. Simultaneous 2e C use of the (e-abs) and (e-prod) rules (lem. 25) gives ⊢[] λz .v : C → D : Prop and 2e D wf 2e ⊢[] λz .u : D → C : Prop. Finally by weakening (lem. 18) with Γ σ (prop. 3) we 2e C 2e D obtain Γ ⊢σ λz .v : C → D : Prop and Γ ⊢σ λz .u : D → C : Prop.

2e wf 2e 2e Lemma 29 (motivations exchange) If Γ ⊢σ w : C and Γ σ′ , then Γ ⊢σ′ w : C.

2e Proof by structural induction on the derivation of Γ ⊢σ w : C:

2e Γ,x : A ⊢σ::(x 7→ a) u : B : Prop (e-abs) 2e A A Γ ⊢σ λx .u : ∀x .B

2e Since Γ ⊢σ A : κ is a strict sub-derivation (prop. 3, 4), then by induction hypothesis 2e ′ wf 2e Γ ⊢σ′ A : κ. Hence we get a such that Γ,x : A σ′::(x 7→ a′) (lem. 17 and (e-env2)). Now we can apply the induction hypothesis on the premises followed by an application of the (e-abs) rule to obtain the result.

2e 2e A Γ,x : A ⊢σ::(x 7→ a) B : Prop ⊢[] t : σ(∀x .B) (e-prod) 2e A Γ ⊢σ ∀x .B : Prop wf 2e ′ As previously, we can start to show that Γ,x : A σ′::(x 7→ a′) for some a . Hence by 2e induction hypothesis Γ,x : A ⊢σ′::(x 7→ a′) B : Prop.

2e A We can rewrite the second premise as ⊢[] t :(∀x .B)[y1,...,ym ← σ(y1),...,σ(ym)] A where the yi are the free variables of ∀x .B. Furthermore (yi : Prop) ∈ Γ (prop. 8), 2e 2e ′ then also ⊢[] σ(yi) : Prop and ⊢[] σ (yi) : Prop (thm. 16). ′ Since the σ(yi) and the σ (yi) are all closed (lem. 13), we then have terms fi and gi 2e ′ 2e ′ such that ⊢[] fi : σ (yi) → σ(yi) and ⊢[] gi : σ(yi) → σ (yi) (lem. 28). Hence replacing ′ 2e ′ A the equivalents (lem.27) there is a term t such that ⊢[] t : (∀x .B)[y1,...,ym ← ′ ′ 2e ′ ′ A σ (y1),...,σ (ym) ], namely ⊢[] t : σ (∀x .B). We are then allowed to conclude using the (e-prod) rule.

15 Lemma 30 (substitution lemma) ′ wf 2e 2e (i) If Γ,y : C, Γ σ::(y 7→ c)::σ′ and Γ ⊢σ w : C, then there is a substitution ρ such that ′ 2e Γ, Γ [y ← w ] wf σ::ρ ;

′ 2e 2e (ii) If Γ,y : C, Γ ⊢σ::(y 7→ c)::σ′ d : D and Γ ⊢σ w : C, then there is a substitution ρ such ′ 2e that Γ, Γ [y ← w ] ⊢σ::ρ d[y ← w ]: D[y ← w ].

Proof by structural induction on the ﬁrst derivation:

(e-env2) immediate by the induction hypothesis on the ﬁrst premise followed by (e- env2) and lem. 17.

(e-var) There are three cases depending on the position in the environment of the extracted variable: before y, being y or after y. They are solved as usual using the induction hypothesis, see [1, lem. 5.2.11]. The second case need an application of 2e ′ 2e weakening (lem. 18) on Γ ⊢σ w : C in order to obtain Γ, Γ [y ← w ] ⊢σ::ρ w : C.

′ 2e Γ,y : C, Γ ,x : A ⊢σ::(y 7→ c)::σ′::(x 7→ a) u : B : Prop (e-abs) ′ 2e A A Γ,y : C, Γ ⊢σ::(y 7→ c)::σ′ λx .u : ∀x .B Induction hypothesis on the premises gives two substitutions ρ′ and ρ′′ such that

′ 2e Γ, Γ [y ← w ],x : A[y ← w ] ⊢σ::ρ′::(x 7→ a′) u[y ← w ]: B[y ← w ] ′ 2e Γ, Γ [y ← w ],x : A[y ← w ] ⊢σ::ρ′′::(x 7→ a′′) B[y ← w ] : Prop

And we can exchange the motivation of the second one (lem. 29 and prop. 3) to obtain

′ 2e Γ, Γ [y ← w ],x : A[y ← w ] ⊢σ::ρ′::(x 7→ a′) B[y ← w ] : Prop Finally we get the result by applying the rule (e-abs) with ρ := ρ′.

(e-app) As previously, since the induction hypothesis applied to the two premises gives two substitutions ρ′ and ρ′′ potentially diﬀerent, we chose one (lem. 29) and deduce the result by the rule (e-app).

′ 2e 2e ′ A Γ,y : C, Γ ,x : A ⊢σ::(y 7→c)::σ′::(x 7→a) B : Prop ⊢[] t : σ::(y 7→ c)::σ (∀x .B) (e-prod) ′ 2e A Γ,y : C, Γ ⊢σ::(y 7→ c)::σ′ ∀x .B : Prop First, by induction hypothesis, we have a substitution ρ′ and a term a′ such that

′ 2e Γ, Γ [y ← w ],x : A[y ← w ] ⊢σ::ρ′::(x 7→ a′) B[y ← w ] : Prop And transferring the motivation to the conclusion (lem. 22) and the second premise

2e ′ A ⊢[] t : σ::(y 7→ c)::σ (∀x .B) : Prop (∗)

Second since all free variable z of ∀xA.B are of type Prop (prop. 8) then: • when z 6≡ y: the Poincar´ecriterion (thm. 16) on the previous well-formed envi- 2e ′ 2e ′ ronments (prop. 3) gives us ⊢[] σ::(y 7→ c)::σ (z) : Prop and ⊢[] σ::ρ (z) : Prop;

16 • when z ≡ y: the Poincar´ecriterion (thm. 16) and the transfer of the motivation 2e ′ 2e to the conclusion (lem. 22) gives us ⊢[] σ::(y 7→ c)::σ (z) : Prop and ⊢[] σ(w) : Prop. Since all those types are closed (prop. 1) they are equivalent (lem. 28), and we can then freely exchange them (lem. 27) in (∗) to build a term t′ such that

2e ′ ′ A 2e ′ ′ A ⊢[] t : σ::(y 7→ σ(w))::ρ (∀x .B) : Prop i.e. ⊢[] t : σ::ρ ((∀x .B)[y ← w ]) : Prop

which allows us to conclude using (e-prod).

2e ′ 2e ′ Theorem 31 (subject reduction) If Γ ⊢σ t : C and t β t , then Γ ⊢σ t : C.

Proof by structural induction on the derivation followed by case analysis on the deﬁnition of β , similar to the one of [7, prop. 7] or [1, thm. 5.2.15]:

2e Γ,x : A ⊢σ::(x 7→ a) u : B : Prop (e-abs) 2e A A Γ ⊢σ λx .u : ∀x .B ′ A being in normal form (prop. 9), only the case u β u can happen: it is trivially solved using the induction hypothesis on the ﬁrst premise.

2e A 2e Γ ⊢σ u : ∀x .B Γ ⊢σ v : A (e-app) 2e Γ ⊢σ u v : B[x ← v ] There are three cases:

′ • u β u : trivial using the induction hypothesis on the ﬁrst premise and (e-app). ′ • v β v : there are three more cases (prop. 6): • A ≡ Type: impossible (prop. 6, 2); • 2e Γ ⊢σ A : Type: then A ≡ Prop (lem. 15) hence v is not reducible (prop. 9); • 2e Γ ⊢σ A : Prop: then A 6≡ Prop (lem. 14) and then x 6∈ V(B) (prop. 8) hence we have B[x ← v′ ] ≡ B ≡ B[x ← v ], and it is enough to apply the induction hypothesis on the second premise followed by (e-app). • C 2e u ≡ λx .w and u v β w[x ← v ]: generation (lem. 14) gives Γ,x : A ⊢σ w : B and by substitution (lem.30) we have the result.

(e-prod) A term of type Prop is not reducible (prop. 9).

Lemma 32 (type correctness, see prop. 6)

2e 2e If Γ ⊢σ w : C then C ≡ Type or there is κ such that Γ ⊢σ C : κ.

Proof by structural induction on the derivation (similar to prop. 6): for the (e-abs) rule, the previous lemma 25 immediately gives us the result.

2 Theorem 33 (λe is a pseudo pedagogical sub-system of CC)

17 2 λe satisﬁes the following properties: 2 (i) λe is a sub-system of CC; 2e ′ 2e ′ (ii) If Γ ⊢σ t : C and t β t , then Γ ⊢σ t : C. wf 2e wf c (iii) x1 :A1,..,xn :An (x1 7→ t1)::..::(xn 7→ tn) if and only if x1 :A1,..,xn :An and

2e 2e 2e ⊢[] t1 : A1 ⊢[] t2 : A2[x1 ← t1 ] ... ⊢[] tn : An[x1,...,xn−1 ← t1,...,tn−1 ]

Proof 2 2 (i) λe is a sub-system of λ (thm.12), itself a sub-system of CC. (ii) It is exactly the statement of the theorem 31. (iii) ⇒ It is exactly the statement of the theorem 16.

2e ⇐ From ⊢[] ti : Ai[x1,...,xi−1 ← t1,...,ti−1 ] and since Ai 6≡ Type because c x1 : A1,...,xn : An wf and ti 6≡ Type (prop. 2), thanks to type correctness 2e (lem. 32) we have ⊢[] Ai[x1,...,xi−1 ← t1,...,ti−1 ]: κi and we can then apply the theorem 20 to obtain the result.

4 Total motivations

2 In λe examples has to be maintained during the whole proof: all premisses of rules use the same motivation. But we have seen that motivations can be exchanged (lem. 29): 2e wf 2e 2e if Γ ⊢σ w : C and Γ σ′ then Γ ⊢σ′ w : C. Hence we relax this constraint in the 2 system λt (fig. 4) and allow for different motivations to be used during sub-proofs. We then make the motivations implicit but still require them to completely exemplifies environments when needed. Leaving enhanced judgements leads us a step closer to a real pedagogical subsystem of CC (additional constants are maintained).

4.1 System definition The following definitions of motivations of an environment or a type depend on the 2 formal system λt (fig. 4). To solve the apparent circularity, we can break those definitions in two parts: first a convenient abbreviation needed for the definition of the system; and second an effective definition once the inference rules of the system have been stated.

Deﬁnition 34 (Motivation of an environment) A substitution σ motivates an 2t environment Γ ≡ x1 : A1,...,xn : An, abbreviated σ mot Γ, if for all i ⊢ σ(xi): σ(Ai).

Deﬁnition 35 (Motivation of a type) A substitution σ motivate a type C relatively to an environment Γ, abbreviated σ motΓ C if (i) σ mot Γ and (ii) there is a term t such that ⊢2t t : σ(C).

2t Depending on the context, σ mot Γ will denote the derivations ⊢ σ(xi) : σ(Ai), or the fact that the environment Γ can be motivated by σ. The same applies for the

σ motΓ C notation too.

18 2t (t-env1) Γ ⊢ A : κ x 6∈ dom(Γ) 2t (t-env2) [] wf 2t Γ,x : A wf

Γ wf 2t Γ,x : A, Γ′ wf 2t (t-ax) (t-var) Γ ⊢2t o : ⊤ : Prop : Type Γ,x : A, Γ′ ⊢2t x : A

2 2 Γ,x : A ⊢2t u : B : Prop Γ ⊢t u : ∀xA.B Γ ⊢t v : A (t-abs) 2 (t-app) Γ ⊢2t λxA.u : ∀xA.B Γ ⊢t u v : B[x ← v ]

2t A Γ,x : A ⊢ B : Prop σ motΓ ∀x .B (t-prod) Γ ⊢2t ∀xA.B : Prop

2 Figure 4: Inference rules of λt .

4.2 Results

2 The properties 1, 3, 4 are still valid for λt .

2 2 Theorem 36 (λt is a subsystem of λ ) (i) if Γ wf 2t then Γ wf 2; (ii) if Γ ⊢2t w : C then Γ ⊢2 w : C.

Lemma 37 (see lem. 15) (i) If Γ ⊢2t C : Type then C ≡ Prop and the last rule of the derivation is (t-ax); (ii) If Γ ⊢2t C : Prop then the last rule of the derivation is (t-ax), (t-var) or (t-prod).

2 2 Lemma 38 (λe is a sub-system of λt ) For every substitution σ: 2e 2t (i) if Γ wf σ then Γ wf ; 2e 2t (ii) if Γ ⊢σ w : C then Γ ⊢ w : C. Proof by structural induction on the derivation. Every cases but (e-prod) are immediate: since we forget the explicit motivation, the rules are the same (or more 2 constrained in the case of e-env2) in λe.

2e 2e A Γ,x : A ⊢σ::(x 7→ a) B : Prop ⊢[] t : σ(∀x .B) (e-prod) with Γ ≡ y1 :D1,...,yn :Dn. 2e A Γ ⊢σ ∀x .B : Prop

2e By the ﬁrst premise we have the sub-derivation Γ wf σ (prop. 3) and the Poincar´e 2e criterion (thm. 16) gives ⊢[] σ(yi): σ(Di) as strict sub-derivations, on which we can 2t apply induction hypothesis to obtain ⊢ σ(yi) : σ(Di), namely σ mot Γ. Moreover,

19 induction hypothesis applied on the second premise gives us ⊢2t t : σ(∀xA.B) and we A then get σ motΓ ∀x .B. The induction hypothesis applied on the ﬁrst premise and the (t-prod) rule allow us to conclude.

2 2 Lemma 39 (λt is a sub-system of λe)

2t 2e (i) if Γ wf then there is a substitution σ such that Γ wf σ ; 2t 2e (ii) if Γ ⊢ w : C then there is a substitution σ such that Γ ⊢σ w : C.

Proof by structural induction on the derivation:

Γ ⊢2t A : κ x 6∈ dom(Γ) (t-env2) Γ,x : A wf 2t

′ 2e By induction hypothesis we have a substitution σ such that Γ ⊢σ′ A : κ, and then 2e ′ (lem. 17) there is a term a such that ⊢[] a : σ (A). Hence by (e-env2) we obtain the result with σ := σ′::(x 7→ a).

Γ,x : A ⊢2t u : B : Prop (t-abs) Γ ⊢2t λxA.u : ∀xA.B

2e By induction hypothesis we have Γ,x : A ⊢σ1::(x 7→ a1) u : B for a substitution σ1 and 2e a term a1, and also Γ,x : A ⊢σ2::(x 7→ a2) B : Prop for σ2 and a2. Hence by exchange 2e of motivations (prop. 3 and lem. 29) we also have Γ,x : A ⊢σ1::(x 7→ a1) B : Prop and ﬁnally the result by (e-abs).

(t-app) Performed as for (t-abs).

2t A Γ,x : A ⊢ B : Prop σ motΓ ∀x .B (t-prod) Γ ⊢2t ∀xA.B : Prop In the following, (IH) will be the name of the induction hypothesis, which is appli- cable to every strict sub-derivation of Γ ⊢2t ∀xA.B : Prop.

Let Γ ≡ y1 : D1,...,yn : Dn. First we show by induction on i that

wf 2e ∀i y1 : D1,...,yi : Di σ≤i

• wf 2e i = 0: by (e-env1) we have [ ] [] . • Assume wf 2e y1 : D1,...,yi : Di σ≤i (IHi)

A 2t By the deﬁnition of σ motΓ ∀x .B we have ⊢ σ(yi+1): σ(Di+1) as a sub- 2e derivation, on which we can apply (IH) to obtain ⊢[] σ(yi+1): σ(Di+1). 2t Since y1 : D1,...,yi : Di ⊢ Di+1 : κ is a sub-derivation of the ﬁrst premise (prop. 3, 4), using the induction hypothesis (IH) we can build a

20 2e substitution ρ such that y1 : D1,...,yi : Di ⊢ρ Di+1 : κ, hence by moti- 2e vations exchange (lem. 29) using (IHi) y1 : D1,...,yi : Di ⊢σ≤i Di+1 : κ. We then transfer the motivation to the conclusion (lem. 22) to obtain 2e ⊢[] σ≤i(Di+1): κ. wf 2e 2e Finally since y1 :D1,...,yi :Di σ≤i (IHi) and ⊢[] σ(yi+1):σ≤i(Di+1):κ, wf 2e then y1 : D1,...,yi : Di,yi+1 : Di+1 σ≤i+1 (lem. 26) which closes this sub-proof.

2e Now, when i = n, we have Γ wf σ . The induction hypothesis (IH) applied to the ′ 2e 2e ﬁrst premise gives ρ and a such that Γ,x : A ⊢ρ::(x 7→ a′) B : Prop. Hence Γ ⊢ρ A : κ 2e (prop. 3, 4), so Γ ⊢σ A : κ by exchange of motivations (lem. 29), and there is a such 2e wf 2e that ⊢[] a : σ(A) (lem. 17). Using (e-env2) we have Γ,x : A σ::(x 7→ a) . By exchange 2e of motivations (lem. 29) we then get Γ,x : A ⊢σ::(x 7→ a) B : Prop.

A 2t A The deﬁnition of σ motΓ ∀x .B implies the existence of t such that ⊢ t : σ(∀x .B) 2e A is a sub-derivation on which we can apply (HI) to obtain ⊢[] t : σ(∀x .B). Finally the (e-prod) rule gives the result.

2 Theorem 40 (λt is a pseudo pedagogical sub-system of CC) 2 λt satisﬁes the following properties: 2 (i) λt is a sub-system of CC; 2t ′ 2t ′ (ii) If Γ ⊢ t : C and t β t then Γ ⊢ t : C.

2t c (iii) x1 : A1,...,xn : An wf if and only if x1 : A1,...,xn : An wf and there are terms t1,...,tn such that

2t 2t 2t ⊢ t1 : A1 ⊢ t2 : A2[x1 ← t1 ] ... ⊢ tn : An[x1,...,xn−1 ← t1,...,tn−1 ]

Proof 2 2 (i) λt is a sub-system of λ (thm. 36) itself a sub-system of CC. 2t 2e (ii) From Γ ⊢ t : C we have a substitution σ such that Γ ⊢σ t : C (lem. 39) and since ′ 2e ′ 2t ′ t β t , then Γ ⊢σ t : C (thm. 33) hence Γ ⊢ t : C (lem. 38). 2t 2e (iii) ⇒ From x1 : A1,...,xn : An wf we have x1 : A1,...,xn : An wf σ (lem. 39), wf c 2e hence x1 : A1,...,xn : An and ⊢[] σ(xi+1) : σ(Ai+1) (thm. 33) and ﬁnally 2t ⊢ σ(xi+1): σ(Ai+1) (lem. 38). 2 2 ⇐ Similarly we move back and forth from λt to λe (lem. 38, 39).

5 Partial motivations

Prop A In [3] we designed CCr a subsystem of CC able to derive λA .λx .x of type ∀AProp.A → A, those two terms acting as initial examples like the constants o and ⊤ 2 2 2 do for λe and λt (and P-Prop of [6]). In CCr the (c-prod) rule of CC is constrained

21 A 2 such that every occurrences of the formed type ∀x .B has to be inhabited. In λe 2 and λt only one occurrence need to be inhabited, but it has lead us to use motivations dealing with all the possible variables of the type to be motivated, namely all the variables of the environments, making the motivations total. In order to recover this behaviour of CCr and remove the need for additional constants, we can make the motivations partial, that is allowing them to act on some variables of the environments.

5.1 System deﬁnition

2 As for λt the following deﬁnitions of partial motivation of an environment or a type 2 refer to the formal system λp (ﬁg. 5) and the apparent circularity can be circumvented in the same way.

Deﬁnition 41 (Application of a partial motivation) The application of the substitution σ to the environment Γ, whose result is an environment abbreviated by σ(Γ), is recursively deﬁned as:

σ([]) := [] σ(Γ) if x ∈ dom(σ) σ(Γ,x : A) := (σ(Γ),x : σ(A) otherwise

Deﬁnition 42 (Partial motivation of an environment) A substitution σ partially motivates the environment Γ ≡ x1 : A1,...,xn : An, abbreviated σ mot Γ, 2p if for all i xi ∈ dom(σ) ⇒ σ(Γ

Exampleg 44 σ := [x2 7→ t2,x4 7→ t4] partially motivates the type C relatively to Γ := x1 : A1,...,x5 : A5 if:

2p 2p (i) x1 : A1 ⊢ t2 : A2 and x1 : A1,x3 : A3[x2 ← t2 ] ⊢ t4 : A4[x2 ← t2 ];

2p (ii) there is t such that x1 : A1,x3 : A3[x2 ← t2 ],x5 : A5[x2,x4 ← t2,t4 ] ⊢ t : σ(C).

Remark 45 2 When dom(Γ) ⊆ dom(σ) we have the total motivation deﬁnition of λt . When dom(σ)= ∅ the behaviour of CCr is recovered. For every environment Γ, [ ] mot Γ holds. However, for a type C, we of course do not always have [ ] motΓ C. g g

22 2p (p-env1) Γ ⊢ A : κ x 6∈ dom(Γ) 2p (p-env2) [] wf 2p Γ,x : A wf

Γ wf 2p Γ,x : A, Γ′ wf 2p (p-ax) (p-var) Γ ⊢2p Prop : Type Γ,x : A, Γ′ ⊢2p x : A

2 2 Γ,x : A ⊢2p u : B : Prop Γ ⊢p u : ∀xA.B Γ ⊢p v : A (p-abs) 2 (p-app) Γ ⊢2p λxA.u : ∀xA.B Γ ⊢p u v : B[x ← v ]

2p A Γ,x : A ⊢ B : Prop σ motΓ ∀x .B (p-prod) Γ ⊢2p ∀xA.B : Prop g

2 Figure 5: Inference rules of λp.

5.2 Results

2 In this section, we will identify the constants o and ⊤ of the previous systems λe and 2 2 Prop A Prop λt to their deﬁnitions in λp, namely o := λA .λx .x and ⊤ := ∀A .A → A.

Lemma 46 We have the following derived rules:

Γ wf 2p Γ ⊢2p o : ⊤ : Prop : Type

Proof immediate by using an empty motivation whenever the (p-prod) rule is used (similar to the proof for CCr in [3, sec. 3.4]) .

2 2 Theorem 47 (λp is a subsystem of λ ) (i) if Γ wf 2p then Γ wf 2; (ii) if Γ ⊢2p w : C then Γ ⊢2 w : C.

Proof immediate by structural induction on the derivation.

2 2 Lemma 48 (λt is a subsystem of λp) (i) if Γ wf 2t then Γ wf 2p; (ii) if Γ ⊢2t w : C then Γ ⊢2p w : C.

Proof immediate by structural induction on the derivation: • the (t-ax) case is done in the previous lemma 46;

23 • for the (t-prod) case, applying the induction hypothesis on all the derivations of A A σ motΓ ∀x .B is enough to obtain σ motΓ ∀x .B and to conclude using (p-prod). g 2 In order to prove the converse of the previous lemma, namely that λp is a subsys- 2 tem of λt , we will need to complete partial motivation to make them total. Therefore there is a need to deﬁne the substitution resulting of the composition of two substitutions:

Deﬁnition 49 (Composition of substitutions) σ ⊙ ρ is the composition substitution of the two substitutions σ and ρ deﬁned by:

σ σ ⊙ ρ := ρ ::σ\dom(ρ) where []σ := [] ((y 7→ v)::τ)σ := (y 7→ σ(v))::τ σ and σ\dom(ρ) is σ where all (x 7→ v) such that x ∈ dom(ρ) are removed.

Lemma 50 For every raw term t and substitutions σ and ρ we have σ⊙ρ(t) ≡ σ(ρ(t)). Moreover dom(σ ⊙ ρ) = dom(σ) ∪ dom(ρ).

Proof immediate by induction on the raw term t.

2 2 Lemma 51 (λp is a subsystem of λt ) (i) if Γ wf 2p then Γ wf 2t; (ii) if Γ ⊢2p w : C then Γ ⊢2t w : C.

Proof by structural induction on the derivation:

2p A Γ,x : A ⊢ B : Prop σ motΓ ∀x .B (p-prod) with Γ ≡ y1 : D1,...,yn : Dn. Γ ⊢2p ∀xA.B : Prop g A 2p A By the deﬁnition of σ motΓ ∀x .B, we have a term t such that σ(Γ) ⊢ t : σ(∀x .B) is a sub-derivation, and then by induction hypothesis σ(Γ) ⊢2t t : σ(∀xA.B). Hence there is a substitution gρ (lem. 39) such that

2e A σ(Γ) ⊢ρ t : σ(∀x .B) (∗)

A We then have ρ ⊙ σ motΓ ∀x .B since:

• A 2p if yi ∈ dom(σ), by the deﬁnition of σ motΓ ∀x .B we have σ(Γ

24 • if yi 6∈ dom(σ) then yi ∈ dom(σ(Γ)), and then from (∗) using the Poincaré 2e criterion (thm. 16 and prop. 3) ⊢[] ρ(yi) : ρ(σ(Di)), namely, since yi 6∈ dom(σ), 2e 2t ⊢[] ρ(σ(yi)) : ρ(σ(Di)). Hence ⊢ ρ ⊙ σ(yi): ρ ⊙ σ(Di) (lem. 38, 50). • finally from (∗), transferring the motivation to the conclusion (lem. 22) we have 2e A 2t A ⊢[] ρ(t): ρ(σ(∀x .B)). Hence ⊢ ρ(t): ρ ⊙ σ(∀x .B) (lem. 38, 50). Thus the induction hypothesis applied to the first premise gives Γ,x : A ⊢2t B : Prop and the (t-prod) allows to conclude.

2 Theorem 52 (λp is a pedagogical sub-system of CC) 2 λp satisﬁes the following properties: 2 (i) λp is a subsystem of CC;

2p ′ 2p ′ (ii) If Γ ⊢ t : C and t β t , then Γ ⊢ t : C.

2p c (iii) x1 : A1,...,xn : An wf if and only if x1 : A1,...,xn : An wf and there are terms t1,...,tn such that

2p 2p 2p ⊢ t1 : A1 ⊢ t2 : A2[x1 ← t1 ] ... ⊢ tn : An[x1,...,xn−1 ← t1,...,tn−1 ]

2 2 Proof (i) holds since λp is a sub-system of λ (thm. 47) itself a sub-system of CC. 2 2 For (ii) and (iii) it is enough to notice that λt are λp equivalent (lem. 48, 51) in order to import the results of the former (thm. 40) into the later.

2 Let us emphasize that λp is a pedagogical sub-system of CC in the sense of the formal deﬁnition given at the beginning (def. 10).

6 Pedagogical system F

2 2 λp is a pedagogical subsystem of CC, syntactically equivalent to the systems λe and 2 λt (lem. 38, 39, 48, 51). In this section we link those systems with the second order pedagogical λ-calculus P-Prop2 of [6]. First we recall the system P-Prop2, then we 2 show that it is equivalent to λt .

6.1 System definition Definition 53 (Types of P-Prop2) Types of P-Prop2 are built according to the following rules: (i) ⊤ is a type; (ii) types variables α,β,γ,... are types; (iii) if A and B are types then A→B is a type; (iv) if α is a type variable and A a type then ∀α.A is a type. The finite set of free variables of a type A, noted V(A), is defined in the usual way.

Deﬁnition 54 (Terms of P-Prop2) Terms of P-Prop2 are built according to the following rules: (i) o is a term; (ii) term variables x,y,z,... are terms; (iii) if x is a term variable, A a type and t a term then λxA.t is a term; (iv) if α is a type variable and t a term then Λα.t is a term; (v) if t and u are terms then t u is a term; (vi) if t is a term and U a type then t U is a term.

25 ⊢pf σ · ∆ x : F ∈ ∆ ⊢pf σ · ∆ (P-Ax) (P-Hyp) ∆ ⊢pf o : ⊤ ∆ ⊢pf x : F

∆,x : A ⊢pf u : B ∆ ⊢pf u : A→B ∆ ⊢pf v : A (→i) (→e) ∆ ⊢pf λxA.u : A→B ∆ ⊢pf u v : B

pf pf ∆ ⊢pf u : B α 6∈ V(∆) ∆ ⊢ u : ∀α.B ⊢ σ · V ∀ (∀i) pf (P- e) ∆ ⊢pf Λα.u : ∀α.B ∆ ⊢ u V :[α ← V ] · B

Figure 6: Inference rules of P-Prop2.

Definition 55 (Substitutions of P-Prop2) A substitution of P-Prop2 is an application from type variables to types. The application of a substitution σ to a type A, defined in the usual way, is noted σ · A. A constant substitution but in a finite number of points α1,...,αn, associated respectively to the types V1,...,Vn, is noted [α1,...,αn ← V1,...,Vn].

Definition 56 (Contexts of P-Prop2) A context ∆ of P-Prop2 is a finite set of couples x : A where x is a term variable and A a type. Moreover if x : A and x : B are into the set ∆ then A = B. The context {x1 : A1,...,xn : An} is abbreviated to x1 : A1,...,xn : An. The set of free variables of a context ∆ = x1 : A1,...,xn : An, noted V(∆), is defined the usual way as the union of the V(Ai).

The following deﬁnitions of motivation refer to the formal system P-Prop2 (ﬁg. 6):

Deﬁnition 57 (Motivations of P-Prop2) A substitution σ of P-Prop2motivates a type A, noted ⊢pf σ · A, if there is a term t such that ⊢pf t : σ · A. By extension, a pf substitution σ motivate a context ∆= x1 : A1,...,xn : An, noted ⊢ σ · ∆, if for all i pf we have ⊢ σ · Ai.

2 2 Remark 58 In P-Prop , and unlike λt , substitutions and contexts are set based, terms and types are disjoint, and a motivated type is not necessarily closed. Also since types are not built into the system P-Prop2 every rules introducing new types need to be constrained (see ﬁg. 6).

6.2 Results

2 2 Deﬁnition 59 (Translation from P-Prop to λt )

26 2 2 Let [[·]] be the translation from types and terms of P-Prop to the raw terms of λt deﬁned by: [[⊤]] := ⊤ [[x]] := x [[α]] := α [[λxA.t]] := λx[[A]].[[t]] [[A→B]] := [[A]] → [[B]] [[Λα.t]] := λαProp.[[t]] [[∀α.A]] := ∀αProp.[[A]] [[t u]] := [[t]] [[u]] [[o]] := o [[t U]] := [[t]] [[U]] where α is a type variable and x is a term variable.

2 Remark 60 We implicitly assumed that variables of λt contains type and term variables of P-Prop2.

Lemma 61 For all types A, B and all type variable α of P-Prop2

[[[α ← B] · A]] ≡ [[A]][α ← [[B]]]

Proof by structural induction on the type A of P-Prop2.

Let us notice some results simplifying the extension of the translation of the con- 2 2 texts of P-Prop to the environments of λt , in order to use the later like sets instead of lists:

2 Lemma 62 (exchange in λe) If y 6∈ V(D) then: ′ wf 2e ′ wf 2e (i) If Γ,y :C,z :D, Γ σ::(y 7→c)::(z 7→ d)::σ′ then Γ,z :D,y :C, Γ σ::(z 7→d)::(y 7→c)::σ′ ;

′ 2e ′ 2e (ii) If Γ,y:C,z:D, Γ ⊢σ::(y 7→ c)::(z 7→d)::σ′ w :E then Γ,z:D,y:C, Γ ⊢σ::(z 7→ d)::(y 7→ c)::σ′ w:E. Proof by structural induction on the derivation:

2e 2e Γ,y : C ⊢σ::(y 7→ c) D : κ ⊢[] d : σ::(y 7→ c)(D) z 6∈ dom(Γ,y) (e-env2) wf 2e Γ,y : C,z : D σ::(y 7→ c)::(z 7→ d)

2e Since y 6∈ V(D) by strengthening (lem. 24) on the ﬁrst premise we get Γ ⊢σ D : κ 2e wf 2e then ⊢[] d : σ(D) (lem. 22). Hence by (e-env2) we have Γ,z : D σ::(z 7→ d) .

2e From the ﬁrst premise we deduce Γ ⊢σ C : κ (prop. 4), which we can weaken (lem. 18) 2e to obtain a derivation of Γ,z : D ⊢σ::(z 7→ d) C : κ.

2e 2e Since ⊢[] c : σ(C) (thm. 16) and z 6∈ V(C) (lem. 13) then also ⊢[] c : σ::(z 7→ d)(C), wf 2e and by (e-env2) we ﬁnally obtain the result Γ,z : D,y : C σ::(z 7→ d)::(y 7→ c) .

2 Lemma 63 (exchange in λt ) If y 6∈ V(D) then: (i) If Γ,y : C,z : D, Γ′ wf 2t then Γ,z : D,y : C, Γ′ wf 2t; (ii) If Γ,y : C,z : D, Γ′ ⊢2t w : E then Γ,z : D,y : C, Γ′ ⊢2t w : E.

2 2 Proof immediate (lem. 62) since λt and λe are equivalents (lem. 38, 39).

2t Lemma 64 If Γ ⊢ w : C then we can split Γ in two environments Γ1 and Γ2 such 2t that: (i) Γ is a permutation of Γ1, Γ2; (ii) Γ1, Γ2 ⊢ w : C; (iii) for all y : D ∈ Γ1, D ≡ Prop; (iv) for all y : D ∈ Γ2, D 6≡ Prop.

27 2t Proof Let Γ ≡ x1 : A1,...,xn : An. Since we have x1 : A1,...,xi : Ai ⊢ Ai+1 : κ (prop. 4): either κ ≡ Type and then Ai+1 ≡ Prop (lem. 37); or κ ≡ Prop and then Ai+1 6≡ Prop (lem. 14, 39). We can then put all the xi : Ai where Ai ≡ Prop in front of the environment (lem. 63) to constitute the Γ1 part, the others constituting the Γ2 part.

Remark 65 The elements of Γ1 can appear in any order (lem. 63). The same holds also for Γ2 since the Ai only depend on the variables xj : Prop of Γ1 (prop. 8 and lem. 39).

2t In the following, we will assume that the Γ1 part of Γ in judgements Γ wf or Γ ⊢2t w : C is implicit and then we will omit mentioning it. It can be reconstituted by putting in it every free variables of Γ, w and C. This is allowed by the properties of strengthening (lem. 24) and weakening (lem. 18) permitting us to add and remove elements of type Prop into Γ. Those observations allow for a simpler definition of the translation of contexts of 2 2 P-Prop to environments of λt : Definition 66 (Translation of a context of P-Prop2) 2 2 The translation of a context of P-Prop to an environment of λt is defined by:

[[x1 : A1,...,xn : An]] := x1 : [[A1]],...,xn : [[An]]

2 2t 2t Lemma 67 (type correctness of λt ) If Γ ⊢ w : C, then C ≡ Type or Γ ⊢ C : κ.

2 2 Proof immediate: it already holds for λe (lem. 32), equivalent to λt (lem. 38, 39).

Lemma 68 If Γ ⊢2t w : [[C]], then Γ ⊢2t [[C]] : Prop.

Proof From Γ ⊢2t w : [[C]] we deduce that there is κ such that Γ ⊢2t [[C]] : κ (lem. 67). But if κ ≡ Type, then [[C]] ≡ Prop (lem. 37), which is not possible by the deﬁnition of [[·]]. As a consequence κ ≡ Prop.

Deﬁnition 69 (Universal trivial motivation) The universal trivial motivation τ is the constant substitution associating ⊤ to every type variable.

Property 70 If ∆ ⊢pf u : F then for every sub-type G of ∆,F we have ⊢pf τ · G.

Proof in [6, thm. 19].

Lemma 71 If ∆ ⊢pf u : F then there is a derivation of ∆ ⊢pf u : F using only the trivial motivation τ in the premise of the rules (P-Ax), (P-Hyp) and (P-∀e).

Proof by structural induction on the derivation. For each of the three rules, every motivated formulas appear as a sub-type of the conclusion sequent. Thus they are also motivable by τ (prop. 70). We can then replace everywhere the premise ⊢pf σ · ∆ by ⊢pf τ · ∆.

Lemma 72 If ∆ ⊢pf w : C is a derivation using only the trivial motivation τ, then [[∆]] ⊢2t [[w]] : [[C]].

28 Proof by structural induction on the derivation:

⊢pf τ · ∆ (P-Ax) where ∆ = {x1 : A1,...,xn : An}. ∆ ⊢pf o : ⊤ pf By hypothesis we have some terms ti such that ⊢ ti : τ · Ai. Hence by induction 2t hypothesis ⊢ [[ti]] : [[τ · Ai]]. But [[τ · Ai]] ≡ [[Ai]][~y ← ⊤ ] (lem. 61) where ~y are the 2t free variables of Ai. And since ⊢ [[τ · Ai]] : Prop (lem. 68) then by the reciprocal of 2t the Poincar´ecriterion (thm. 40) x1 : [[A1]],...,xn : [[An]] wf and then by the (t-ax) rule we obtain the result.

x : F ∈ ∆ ⊢pf τ · ∆ (P-Hyp) ∆ ⊢pf x : F As for (P-Ax), we show that [[∆]] wf 2t. But since x : F ∈ ∆ implies x : [[F ]] ∈ [[∆]], then by (t-var) we have [[∆]] ⊢2t x : [[F ]].

∆,x : A ⊢pf u : B (→i) ∆ ⊢pf λxA.u : A→B By the induction hypothesis [[∆]],x : [[A]] ⊢2t [[u]] : [[B]] and [[∆]],x : [[A]] ⊢2t [[B]] : Prop (lem. 68). Hence by (t-abs) we obtain [[∆]] ⊢2t λx[[A]].[[u]] : [[A]] → [[B]] (because x 6∈ V(B) implies x 6∈ V([[B]])).

∆ ⊢pf u : A→B ∆ ⊢pf v : A (→e) ∆ ⊢pf u v : B It is enough to apply the induction hypothesis to the two premises and use (t-app).

∆ ⊢pf u : B α 6∈ V(∆) (∀i) ∆ ⊢pf Λα.u : ∀α.B By induction hypothesis we have [[∆]] ⊢2t [[u]] : [[B]]. There are two cases depending on whether α ∈V(B) or not: • α ∈V(B): then α : Prop is in the hidden implicit part of the translated environment, and since it does not appear in V(∆) it does not appear either in V([[∆]]). We can then bubble up α : Prop in head position by successive permutations (lem. 63) to obtain [[∆]],α : Prop ⊢2t [[u]] : [[B]]. • α 6∈ V(B): then α does not appear in the hidden part of the environment, and we can then add α : Prop to [[∆]] by weakening (lem. 18, 38, 39) to obtain [[∆]],α : Prop ⊢2t [[u]] : [[B]].

In both cases we also have [[∆]],α : Prop ⊢2t [[B]] : Prop (lem. 68) and (t-abs) allows us to conclude.

∆ ⊢pf u : ∀α.B ⊢pf τ · V (P-∀e) ∆ ⊢pf u V :[α ← V ] · B

29 As for (P-Ax) and (P-Hyp), from ⊢pf τ · V we deduce z : [[V ]] wf 2t where z is a fresh variable. We then get ⊢2t [[V ]] : κ (prop. 4) where κ ≡ Prop (otherwise [[V ]] ≡ Prop by prop. 8 and lem. 38, 39 which is impossible). By the induction hypothesis [[∆]] ⊢2t [[u]] : ∀αProp.[[B]] and then [[∆]] wf 2t (prop. 3). Thus by weakening we also have [[∆]] ⊢2t [[V ]] : Prop and then using the (t-app) rule [[∆]] ⊢2t [[u]] [[V ]] : [[B]][α ← [[V ]]]. But [[B]][α ← [[V ]]] ≡ [[[α ← V ] · B]] (lem. 61).

Lemma 73 If Γ ⊢2t w : C and w 6≡ Prop then there is a term or a type w′ of P-Prop2 such that [[w′]] ≡ w.

Proof by structural induction on the derivation:

Γ,x : A ⊢2t u : B : Prop (t-abs) Γ ⊢2t λxA.u : ∀xA.B First the induction hypothesis gives us a term u′ such that [[u′]] ≡ u. Then, since Γ ⊢2t A : κ (prop. 4) is a sub-derivation, we are faced to two cases: • if κ ≡ Type, then A ≡ Prop (lem. 37) and in this case w′ := Λx.u′ ﬁts; • if κ ≡ Prop, then A 6≡ Prop, and we can apply the induction hypothesis to get a ′ term A′ such that [[A′]] ≡ A; hence w′ := λxA .u′ ﬁts.

2t A Γ,x : A ⊢ B : Prop σ motΓ ∀x .B (t-prod) Γ ⊢2t ∀xA.B : Prop The induction hypothesis gives us a term B′ such that [[B′]] ≡ B. We have to consider two cases in the sub-derivation Γ ⊢2t A : κ: • if κ ≡ Type, then A ≡ Prop (lem. 37) and in this case w′ := ∀x.B′ ﬁts; • if κ ≡ Prop, then A 6≡ Prop and then x 6∈ V(B) (prop. 8), and the induction hypothesis gives us a term A′ such that [[A′]] ≡ A, hence w′ := A′→B′ ﬁts.

2t Corollary 74 If y1 : D1,...,yn : Dn ⊢ w : C then: ′ 2 ′ (i) if Di 6≡ Prop then there is a term or a type Di of P-Prop such that [[Di]] ≡ Di; (ii) if w 6≡ Prop then there is a term or a type w′ of P-Prop2 such that [[w′]] ≡ w; (iii) if C 6≡ Prop, Type then there is a term or a type C′ of P-Prop2 such that [[C′]] ≡ C.

Proof

2t (i) From y1 : D1,...,yi : Di ⊢ Di+1 : κ (prop. 4) we can distinguish two cases:

• if κ ≡ Type, then Di+1 ≡ Prop (lem. 37);

• if κ ≡ Prop, then Di+1 6≡ Prop and the lemma 73 ﬁnishes the proof. (ii) This is exactly the lemma 73.

30 (iii) We have three cases (lem. 67): • C ≡ Type: then the implication is valid by vacuity;

2t • y1 : D1,...,yn : Dn ⊢ C : Type: then C ≡ Prop (lem. 37);

2t • y1 : D1,...,yn : Dn ⊢ C : Prop: then C 6≡ Prop and the lemma 73 concludes.

Lemma 75 (i) If [[∆]] wf 2t then there is a substitution ρ such that ⊢pf ρ · ∆; (ii) If [[∆]] ⊢2t [[C]] : Prop then there is a substitution ρ such that ⊢pf ρ · ∆ and ⊢pf ρ · C; (iii) If [[∆]] ⊢2t [[w]] : [[C]] then ∆ ⊢pf w : C.

Proof by structural induction on the derivation:

pf 1 2t ρ ρ (t-env ) [[∅]] wf With the empty substitution, we have trivially ⊢ · ∅.

[[∆]] ⊢2t A : κ x 6∈ dom([[∆]]) (t-env2) [[∆]],x : A wf 2t There are two cases: • if κ ≡ Prop then A 6≡ Prop, and A is the image of some A′ by [[·]] (cor. 74); the induction hypothesis on the premise gives a substitution ρ satisfying ⊢pf ρ · (∆,A′); • if κ ≡ Type then A ≡ Prop (lem. 37) and x : A is in the hidden part of the environment; but since [[∆]] wf 2t (prop. 3) is a sub-derivation, then the induction hypothesis gives a substitution ρ such that ⊢pf ρ · ∆.

[[∆]] wf 2t (t-ax) [[∆]] ⊢2t [[o]] : [[⊤]] : Prop By induction hypothesis on the premise we have a substitution ρ such that ⊢pf ρ · ∆, we can then derive ∆ ⊢pf o : ⊤ by (P-Ax), and then we have also ⊢pf ρ · (∆, ⊤).

[[∆,x : A, ∆′]] wf 2t (t-var) [[∆,x : A, ∆′]] ⊢2t [[x]] : [[A]] By induction hypothesis we have a substitution ρ such that ⊢pf ρ · (∆,x : A, ∆′) and then by (P-Hyp) we get ∆,x : A, ∆′ ⊢pf x : A.

(t-abs) Depending on the type of x, we are faced to one on those two cases:

[[∆]],x : [[A]] ⊢2t [[u]] : [[B]] : Prop [[∆]],x : Prop ⊢2t [[u]] : [[B]] : Prop [[∆]] ⊢2t [[λxA.u]] : [[A→B]] [[∆]] ⊢2t [[Λx.u]] : [[∀x.B]]

Each case can be easily solved using the induction hypothesis on the ﬁrst premise and the (→i) and (∀i) rules (respectively).

31 (t-app) As previously, depending on the type of x we have two cases:

[[∆]] ⊢2t [[u]] : [[A→B]] [[∆]] ⊢2t [[v]] : [[A]] [[∆]] ⊢2t [[u]] : [[∀x.B]] [[∆]] ⊢2t [[v]] : Prop [[∆]] ⊢2t [[u v]] : [[B]] [[∆]] ⊢2t [[u v]] : [[B]][x ← [[v]]]

The induction hypothesis and the (→e) and (∀e) rules (respectively) solve them.

(t-prod) Once again, depending on the type of x we have to deal with two cases:

2t → [[∆]],x : [[A]] ⊢ [[B]] : Prop σ mot[[∆]][[A B]] • where ∆ ≡ y1 : D1,...,yn : Dn. [[∆]] ⊢2t [[A→B]] : Prop → By the deﬁnition of σ mot[[∆]][[A B]], we have:

2t • terms ti such that ⊢ ti : [[Di]][~α ← E~ ] where ~α are the free variables of the 2t Di and then the Ej are such that ⊢ Ej : Prop (prop. 8). We then have terms ′ ′ ′ ′ 2t ′ Ej and ti such that [[Ej]] ≡ Ej and [[ti]] ≡ ti (cor. 74). Therefore ⊢ [[ti]] : ~′ 2t ′ ~′ [[Di]][~α ← [[E ]]] namely ⊢ [[ti]] : [[[~α ← E ] · Di]] (lem. 61). The induction pf ′ ~′ pf ~′ hypothesis gives ⊢ ti :[~α ← E ] · Di namely ⊢ ρ · Di where ρ := [~α ← E ]. • and a term u such that ⊢2t u : [[A→B]][~α ← E~ ] which by the same way leads us to ⊢pf ρ · (A→B). [[∆]],x : Prop ⊢2t [[B]] : Prop σ mot [[∀x.B]] • [[∆]] Solved as previously. [[∆]] ⊢2t [[∀x.B]] : Prop

Theorem 76 ∆ ⊢pf w : C if and only if [[∆]] ⊢2t [[w]] : [[C]].

Proof ⇒ From ∆ ⊢pf w : C, we build a derivation using only τ as motivation (lem. 71), and then [[∆]] ⊢2t [[w]] : [[C]] (lem. 72).

⇐ It is exactly the (iii) of lemma 75 above.

Corollary 77 We can embed the second order propositional calculus Prop2 and λ2 2 2 2 in the calculi λe, λt and λp. Proof The next property 79 recalls an embedding from Prop2 to P-Prop2, which 2 2 2 2 is enough because we can embed P-Prop in λt (thm. 76), λt being equivalent to λe 2 2 2 and λp (lem. 38, 39, 48, 51). Also λ and Prop are two diﬀerent formalizations of the 2 2 same calculus (can be shown similarly as what we did for λt and P-Prop ).

7 Type checking

In this section we show that for all the pedagogical type systems of second-order presented so far the so-called type-checking problem is not decidable. We use the fact that the type inhabitation problem for Prop2 is not decidable. Prop2 is P-Prop2 without the constraints, also known as System F such as presented in [15].

32 Deﬁnition 78 (Type inhabitation) For a given formal system, the type inhabitation problem is: input: a context (or an environment) Γ, and a type A; output: “true” if there is a term t such that Γ ⊢⋆ t : A, and “false” otherwise.

Property 79 The type inhabitation problem for Prop2 can be reduced to the type inhabitation problem for P-Prop2: for every ∆ and A there is t such that ∆ ⊢f t : A if and only if there is t′ such that ∆γ ⊢pf t′ : Aγ , where γ is a translation from formulas of Prop2 to formulas of P-Prop2.

Proof A (constructive) proof can be found in [5] about formal systems corresponding to the type systems Prop2 and P-Prop2. The translation γ , inspired by the A-translation of [11], consists in replacing every occurrences of type variables α by α ∨ γ where γ is a fresh type variable.

Property 80 Type inhabitation for Prop2 is undecidable.

Proof by Urzyczyn in [36].

Lemma 81 Type inhabitation for P-Prop2 is undecidable.

Proof by contradiction. Assume that type inhabitation for P-Prop2 can be decided by an algorithm D: D(∆,A) = true if and only if there is a term t such that ∆ ⊢pf t : A. We can then build an algorithm D′ able to decide the problem of type inhabitation for Prop2: D′(∆,A) := D(∆γ ,Aγ ). Indeed:

D′(∆,A) = true iff D(∆γ ,Aγ ) = true iff there is t′ such that ∆γ ⊢pf t′ : Aγ iff there is t such that ∆ ⊢f t : A (prop. 79)

But we noticed that the type inhabitation for Prop2 is undecidable (prop. 80).

Deﬁnition 82 (Type checking) For a given type system, the problem of type checking is: input: a context (or an environment) Γ, a term t and a type A; output: “true” if there is a derivation of Γ ⊢⋆ t : A, and “false” otherwise.

Lemma 83 The type inhabitation problem for P-Prop2 with an empty context can 2 be reduced to the type checking problem for λt with an empty context: for every type A there is t such that ⊢pf t : A with A closed if and only if ⊢2t [[A]] : Prop.

Proof ⇒ From ⊢pf t : A we can deduce ⊢2t [[t]] : [[A]] (thm. 76), and by type correctness (lem. 67) ⊢2t [[A]] : κ. But κ 6≡ Type because otherwise [[A]] ≡ Prop (lem. 37) which is not possible by the deﬁnition of [[·]], hence κ ≡ Prop.

33 ⇐ From ⊢2t [[A]] : Prop we can build a term a such that ⊢2t a : [[A]] (lem. 17, 38, 39). But a is the image of a term t by [[·]] (cor. 74), i.e. [[t]] ≡ a, hence ⊢2t [[t]] : [[A]] and ﬁnally ⊢f t : A (thm. 76).

Lemma 84 The type inhabitation problem for P-Prop2 can be reduced to the type inhabitation problem for P-Prop2 with an empty context: for every type A there is t such that ∆ ⊢pf t : A if and only if there is t′ such that ⊢pf t′ : ∀~α.∆→A, where ∀~α.∆→A is closed, ~α are the free variables of ∆ and A, and ∆→A denotes B1→ ... →Bn→A with ∆ = {y1 : B1,...,yn : Bn}.

pf pf Proof ⇒ From ∆ ⊢ t : A we have ⊢ λ∆.t : ∆→A using (→i) and then pf ′ ⊢ Λ~α.λ∆.t : ∀~α.∆→A using (∀i). So t := Λ~α.λ∆.t ﬁts.

pf ′ pf ′ ⇐ Conversely from ⊢ t : ∀~α.∆→A using (∀e) we have ⊢ t ~α :∆→A since the ~α are motivable ⊤, and then by weakening we have ∆ ⊢pf t′ ~α :∆→A and ﬁnally pf ′ ′ using (→e) we obtain ∆ ⊢ t ~α ∆: A, namely t := t ~α ∆ ﬁts. Weakening for P-Prop2 has been proved in [6, prop. 21] if the introduced formula can be motivated: here the formulas of ∆ are all motivable by the trivial substitution τ since they appear as sub-formulas in ∀~α.∆→A (prop. 70).

2 Theorem 85 The type checking problem for λt is undecidable.

2 Proof by contradiction. Let us assume that the type checking problem for λt can be decided by an algorithm D: D(Γ, t, A) = true if and only if Γ ⊢2t t : A. We can then build an algorithm D′ to decide the type inhabitation problem for P-Prop2: D′(∆,A) := D([], [[∀~α.∆→A]], Prop) with ~α the free variables of ∆ and A. Indeed:

D′(∆,A) = true iff D([], [[∀~α.∆→A]], Prop) = true iff ⊢2t [[∀~α.∆→A]] : Prop iff there is t such that ⊢pf t : ∀~α.∆→A (lem. 83) iff there is t′ such that ∆ ⊢pf t′ : A (lem. 84)

But the type inhabitation problem for P-Prop2 is undecidable (lem. 81).

2 Corollary 86 The type checking problem for λp is undecidable.

2 2 Proof is an immediate consequence of the equivalence of λt and λp (lem. 38, 39).

Deﬁnition 87 (Type checking with explicit motivations) For a given type system with explicit motivations, the type checking problem for explicit motivations is the following: input: a context (or environment) Γ, a substitution σ, a term t and a type A; ⋆ output: “true” if there is a derivation of Γ ⊢σ t : A, and “false” otherwise.

2 Theorem 88 The type checking problem for λe is undecidable.

34 2 Proof by contradiction. Let us assume that the type checking problem for λe can 2e be decided by an algorithm D: D(Γ, σ, t, A) = true if and only if Γ ⊢σ t : A. We can ′ 2 then build an algorithm D to decide the type checking problem for λt : D([], [], ∀Γ.⊤, Prop) if A ≡ Type and t ≡ Prop false if A ≡ Type and t 6≡ Prop ′  D (Γ, t, A) := false if A ≡ Prop and t ≡ Prop  D([], [], ∀Γ.∀zt.⊤, Prop) if A ≡ Prop and t 6≡ Prop D([], [],λΓ.t, ∀Γ.A) otherwise   B1  Bn with λΓ.A ≡ λy1 .....λy n .A if Γ ≡ y1 : B1,...,yn : Bn, and similarly for ∀Γ.A. 2e First we show that D([], [], ∀Γ.⊤, Prop) = true iﬀ there is σ such that Γ wf σ :

2e ⇒ From ⊢[] ∀Γ.⊤ : Prop by generation (lem. 14) we obtain a substitution σ such 2e wf 2e that Γ ⊢σ ⊤ : κ, and finally (prop. 3) Γ σ . wf 2e 2e ⇐ From Γ σ using (e-ax) we have Γ ⊢σ o : ⊤ : Prop and then using (e-abs) and 2e (e-prod) (lem. 25) ⊢[] λΓ.o : ∀Γ.⊤ : Prop, so D([], [], ∀Γ.⊤, Prop) = true. Now we can show that D′(Γ, t, A) = true iff Γ ⊢2t t : A: • A ≡ Type and t ≡ Prop: D′(Γ, t, A) = true iff D([], [], ∀Γ.⊤, Prop) = true 2e iff there is σ Γ wf σ 2e iff there is σ Γ ⊢σ Prop : Type ((e-ax) and prop. 3) iff Γ ⊢2t Prop : Type (lem. 38, 39)

• A ≡ Type and t 6≡ Prop: D′(Γ, t, A) = false and Γ 6⊢2t t : Type (lem. 15). • A ≡ Prop and t ≡ Prop: D′(Γ, t, A) = false and Γ 6⊢2t Prop : Prop (lem. 14) • A ≡ Prop and t 6≡ Prop: D′(Γ, t, A) = true iff D([], [], ∀Γ.∀zt.⊤, Prop) = true wf 2e iff there are σ and w Γ,z : t σ::(z 7→ w) 2e iff there is σ Γ ⊢σ t : κ (prop. 4, lem. 17, (e-env2)) 2e iff there is σ Γ ⊢σ t : Prop (lem. 15) iff Γ ⊢2t t : Prop (lem. 38, 39)

• A 6≡ κ: D′(Γ, t, A) = true iff D([], [],λΓ.t, ∀Γ.A) = true 2e iff ⊢[] λΓ.t : ∀Γ.A 2e ′ iff ⊢[] λΓ.t : ∀Γ.A : κ (lem. 32) 2e iff ⊢[] λΓ.t : ∀Γ.A : Prop (lem. 15) 2e iff there is σ Γ ⊢σ t : A : Prop (lem. 14, 25) iff Γ ⊢2t t : A (lem. 38, 39)

2 But the type checking problem for λt is undecidable (thm. 85).

35 8 Conclusion

In this paper, we have given an example of the formal definition of pedagogical sub- 2 system of the Calculus of Constructions of [3] that we called λp, corresponding pre- cisely to the pedagogical second-order λ-calculus of Colson and Michel [6]. Moreover the formalism of CC used in the definition allows for an homogeneous description of various type systems. For instance the introduced constraints for the second-order necessarily need to be transferred to higher orders pedagogical calculi; conversely once a pedagogical Calculus of Constructions will be obtained, pedagogical versions of the λ-cube systems should appear by deletion of some rules and simplification of associated constraints. Furthermore a pedagogical Calculus of Constructions can open the study toward pedagogical pure type systems [1]. Thus we believe the objective of giving a uniform formal handling of the study of formal pedagogy has been reached. 2 During the building of our system λp we uncovered a formalism making explicit 2 into the judgements the needed motivations, λe. This kind of formalism seems to be natural for expressing pedagogical calculi. Also it allows to state more precise and intuitive meta-mathematical properties about these systems. However we have shown it does not carry enough useful information to consider an implementation, especially because the type-checking is still undecidable. As a conclusion, we suggest a simple solution to this problem: let us annotate types with terms to ensure their motivability, just like the typed λ-calculus annotate pure λ-terms with types to ensure their normalization. As an example we give modified rules (env2) and (prod) implementing this (term annotation is at the bottom of types):

Aa Γσ ⊢Aa : κ x 6∈ dom(Γ) Γσ,x : Aa ⊢Bb : Prop ⊢t : σ(∀x .Bb) (env2) (prod) Aa Γσ,x : Aa wf Γσ ⊢(∀x .Bb)t : Prop

In such a formalism, terms should contain the needed information to allow the rebuild of the derivation and then type-checking.

References

[1] Henk Barendregt. Lambda calculi with types, volume 2 of Handbook of Logic in Computer Science, pages 117–309. Oxford University Press, 1992. [2] M.W. Bunder and Jonathan P. Seldin. Variants of the Basic Calculus of Con- structions. Journal of Applied Logic, 2(2):191–217, 2004. [3] Lo¨ıc Colson and Vincent Demange. Investigations on a pedagogical calculus of constructions. Journal of Universal Computer Science, 19(6):729–749, 2013. [4] Lo¨ıc Colson and David Michel. Pedagogical natural deduction systems: the propositional case. Journal of Universal Computer Science, 13(10):1396–1410, 2007.

[5] Lo¨ıc Colson and David Michel. Pedagogical Second-order Propositional Calculi. Journal of Logic and Computation, 18(4):669–695, 2008.

36 [6] Lo¨ıc Colson and David Michel. Pedagogical second-order λ-calculus. Theoretical Computer Science, 410:4190–4203, 2009.

[7] Thierry Coquand. Une th´eorie des constructions. PhD thesis, Universit´eParis VII, 31 January 1985. [8] Thierry Coquand. An analysis of girard’s paradox. In Proceedings of the First Annual IEEE Symposium on Logic in Computer Science (LICS 1986), pages 227–236. IEEE Computer Society Press, June 1986.

[9] Thierry Coquand. Metamathematical investigations of a calculus of constructions. Technical Report 1088, INRIA, September 1989. [10] Miriam Franchella. Brouwer and Griss on intuitionistic negation. Modern Logic 4, 3:256–265, 1994.

[11] H. Friedman. Classically and intuitionistically provably recursive functions. In Springer, editor, Higher Set Theory, volume 669, pages 21–27, 1978. [12] P.C.G. Gilmore. The eﬀect of Griss’ criticism of the intuitionistic logic on deductive theories formalized within the intuitionistic logic. Indagationes Mathe- maticæ, 15:162–174, 175–186, 1953.

[13] J.-Y. Girard. Interprétation fonctionnelle et élimination des coupures dans l’arithmétique d’ordre supérieur. Thèse de doctorat d’état, UniversitéParis VII, 1972. [14] Jean-Yves Girard. Le lambda-calcul du second ordre. In Séminaire N. Bourbaki, number 678, pages 173–185, February 1987.

[15] Jean-Yves Girard, Paul Taylor, and Yves Lafont. Proofs and types. Cambridge University Press, 1990. [16] G.F.C. Griss. Negationless intuitionistic mathematics. Indagationes Mathemat- icæ, 8:675–681, 1946.

[17] G.F.C. Griss. Negationless intuitionistic mathematics II. Indagationes Mathe- maticæ, 12:108–115, 1950. [18] G.F.C. Griss. Negationless intuitionistic mathematics III. Indagationes Mathe- maticæ, 13:193–199, 1951.

[19] G.F.C. Griss. Negationless intuitionistic mathematics IVa, IVb. Indagationes Mathematicæ, 13:452–462,463–471, 1951. [20] Arendt Heyting. G. F. C. Griss and his negationless intuitionistic mathematics. Synthese, 9:91–96, 1955. [21] William A. Howard. The formulas-as-types notion of construction. In J. P. Seldin and J. R. Hindley, editors, To H. B. Curry: Essays on Combinatory Logic, Lambda Calculus, and Formalism, pages 479–490. Academic Press, 1980.

37 [22] Victor N. Krivtsov. A Negationless Interpretation of Intuitionistic Theories. I. Studia Logica, 64(3):323–344, 2000. [23] Victor N. Krivtsov. A Negationless Interpretation of Intuitionistic Theories. II. Studia Logica, 65(2):155–179, 2000. [24] E. G. K. López-Escobar. Constructions and negationless logic. Studia Logica, 30(1):7–22, 1972. [25] E. G. K. López-Escobar. Elementary interpretations of negationless arithmetic. Fundamenta Mathematicae, 82(1):25–38, 1974. [26] Zhaohui Luo. An Extended Calculus of Constructions. PhD thesis, University of Edinburgh, 1990. [27] V. Mezhlumbekova. Deductive capabilities of negationless intuitionistic arithmetic. Moscow University Mathematical Bulletin, 30(2), 1975. [28] David Michel. Systèmes formels et systèmes fonctionnels pédagogiques. PhD thesis, UniversitéPaul-Verlaine – Metz, 2008. [29] John Kent Minichiello. An extension of negationless logic. Notre Dame J. Formal Logic, 10:298–302, 1969. [30] Grigori Mints. Notes on Constructive Negation. Synthese, 148(3):701–717, Febru- ary 2006. [31] D. Nelson. A complete negationless system. Studia Logica, 32:41–49, 1973. [32] David Nelson. Non-Null Implication. The Journal of Symbolic Logic, 31(4):562– 572, December 1966. [33] Michel Parigot. λµ-calculus: An Algorithmic Interpretation of Classical Natural Deduction. In Andrei Voronkov, editor, LPAR, volume 624 of Lecture Notes in Computer Science, pages 190–201. Springer, 1992. [34] Henri Poincaré. Dernières pensées. Flammarion, 1913. [35] John Reynolds. Towards a theory of type structure. In B. Robinet, editor, Pro- gramming Symposium, volume 19 of Lecture Notes in Computer Science, pages 408–425. Springer Berlin / Heidelberg, 1974. [36] Pawel Urzyczyn. Inhabitation in typed lambda-calculi (a syntactic approach). In Philippe de Groote and J. Roger Hindley, editors, Typed Lambda Calculi and Applications, volume 1210 of Lecture Notes in Computer Science, pages 373–389. Springer Berlin / Heidelberg, 1997. [37] V. Valpola. Ein system der negationlosen Logik mit ausschliesslich realisierbaren Prädicaten. Acta Philosophica Fennica, 9:1–247, 1955. [38] P.G.J. Vredenduin. The logic of negationless mathematics. Compositio Mathe- matica, 11:204–277, 1953.